23542300x800000000000000031594Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:12.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A7BA12C2A0CC2B176F326D040C13689,SHA256=9E8F9C164658AD80C33BB863DBC52C06ED34FB6E6B085B722F11168FA140C913,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:12.293{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B4AEFDB8E48705AF025292A46A581CE,SHA256=E6FD00DA6B5535D1A3351465652EAF66780E2DA5DE5AE33D977BEEC8CC16B0D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:12.191{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\surveyor-20220120080928-144MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031595Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:13.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3496DCA61D61388F81F62A3CE6599F6C,SHA256=F7FC3D982D511A3C1382F5D5A4D3CC086DFF46FEDC6759098E6F34EAA73AF0E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:13.311{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53CC0891C252879AFCC6E1A20E6CF538,SHA256=562DB87A99FF2D87B1340D6DE6349E7F39B08757B07BF7FC451AF96578C9D844,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031596Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:14.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7D4CFCEE770B16900600A985A2D86DD,SHA256=B12EB030CCA9DCAA6267C4611F8D1A23F41448A3856B76497CB4DB651BD77E2A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:13.406{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52427-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:14.326{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBFD53B110C607E66F29B1B2CBBA4F3E,SHA256=000AD091C0AF51FEB4E899F69791077267258C8571FFE4220C86ACD81F5514C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031598Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:15.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5CCF6D5AA27BA65E0C6BC3E0DC8DA34,SHA256=D9E6BE76D04FBC4646320117D36B7C4CCA0DDDE84BF9BE20EEB979FF4CA5EFFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:15.473{6F5BEE90-18AA-61E9-1100-000000002102}480NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E6DA5D2E1C062D208AA03094E1FCD231,SHA256=93E2A7F3221E3F16C5C90304B56D13FC617C6144CB776A75BB9236CED8076934,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:15.357{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2576587DEC5D1440988973E55F5A9188,SHA256=3DE147A30518E48E92501B7E78DF649D4CE3D493484B757DEEF9E96FAB199007,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031597Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:12.843{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51370-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031599Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:16.907{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC427D635193187D783CCE220D6DF218,SHA256=5A4655A0545A32C690B1C53F21DDDB459225DAF7D8629719DA4624248247D574,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:16.358{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77D0675840560726E237339B2CDB7619,SHA256=40DE2618376D2862E76102DA543DF4F4CEC1F7EF612FEC954F728FEC51F19F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031601Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:17.923{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B30510F5139B422CB4B7FEF80E2DE8E0,SHA256=AA604A03E0BE386B2ED95DA1FFED6E015BA0A8C8431ED6BCA7AA6E9BF3FFF1B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:17.369{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A98DB39FA12B86DD57EF801F7960CF86,SHA256=15F747D21402896039926120671C5B32675C7AE798DF2BED0FB4D96671323ACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031600Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:17.314{CE7C8936-1B12-61E9-AB00-000000002202}1912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031602Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:18.939{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81E9E81CC7F36703A4ED3BE4D66E500C,SHA256=B694516BDC280680E4C037D13AECCA1F301F790F31FFE4B823E2BB118521271B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:18.403{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30F46A4E4F0A5E058ADCC1FE076A9A34,SHA256=C062A22DD77994F2FEF612B3B13FB066D46DCE852EB87202ADD8CE78C92F1A09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031604Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:19.954{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0696AD20901513AA3411E767D57E9DEB,SHA256=9BC5CB2F264E8BE630221D958A0B3DAEA33AEE65B8DD21F4E645E79074A2DF5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:19.421{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFF0E50498F47C346DBC3456F0A5113A,SHA256=4D15DA8CBEAF24E8354DB978E297CBDCE51EF848BEA4D264C9AC21CF55CC39A4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031603Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:17.015{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51371-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000031605Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:20.954{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37AEEDCA9B98E355818F699E1CD3E804,SHA256=7E5B8B3272C5E5A3834EDD9BD444B961112DF81A4B17C2D80CACE6847D0F6249,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:20.621{6F5BEE90-18B8-61E9-2F00-000000002102}3024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:20.436{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A169CE73A55983397C3C97B346AAC13F,SHA256=03F071C1564693FE1404834CAA18A00D13BA0A1F051C8BED6542633659FEA3E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031607Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:21.970{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B53C7E5A02ED76B6E986183A320DC68,SHA256=E187798BA2D7606843E5F4ED7D9A7A2C942E63A1A587D8E6B5B31B5D1355EF72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:21.452{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9D798AB551C1DAA300A339863447BD2,SHA256=A20F90D2BBC2E727028508847947970F5898A0B4C7F6572A895DD2240B8ABC9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031606Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:18.874{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51372-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000058047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:19.333{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52428-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:22.452{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E67AB4C6014ECC69F429231CAC8DD035,SHA256=9AA6EE243828E2F7EEA4D43F886D7D1E9F3C271D0F9286BA6522CD341BAE9745,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:20.894{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52429-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000058051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:23.467{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E60A69EBA717478ECADFD70C98AF148,SHA256=2242F665866724B0882C618C65C3474A44811ED02C3B5617B80A05801A80C64C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031608Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:23.001{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=990903B1E55B655383343DD5AE3E9783,SHA256=59E91E758D815BED3240D2F7464B676C502E6DF911D53D0386CF0ACA1238D591,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:24.500{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A24F68F01227878D2106BD0E49539227,SHA256=6E17A7C83752AF332766E5489455466C024602B6ECE7792F33243DBC36065B33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031609Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:24.173{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3E333CF1BFDE2EFD60E1B4A4C8A8288,SHA256=3CE68F130A68B583DFB1FAFFCB51C8FA49A14EE783DC39B4431D3BDB18DF3FDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:25.535{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=826D04E04B242CE1CBE84B222768F6E3,SHA256=3BBD3AE4CEE808BE97D8847110B900838C4DAC4E88DE74057D4058CA72182C20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031610Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:25.173{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DB9216503E6EE722D8F3F2D804D7710,SHA256=34FB238A6461135E8DE26D7B2A5B0DB5D320D6345D5F35987EFF0A1C592BC3BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031612Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:24.812{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51373-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031611Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:26.189{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E72001A95EFA12DC3D5F1ECA0E717D4,SHA256=5F6FEF342A976B16EBDD43DC30BF55B79249DB9FD8956164A1C5ABAD277597D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:26.566{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B90C33B169D63D5DFE9C26FD49BFA6A,SHA256=670B45262580E93C90228224B62C9BE172375664395D0F70E222403608758A2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:27.592{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B4AC92E44A9EF8FB4EE32E859851333,SHA256=4ED1396C2F0E38E9473EAD21940EE3C615FA325FB06542AF1939EAEBC6E2F53D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031613Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:27.220{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AED5E3DD9DC6558A09190C6FA475871,SHA256=4AB1DD806218D0D1FA8F9A2CCF011912C43BAAFD81839E52B532C39698F9FD36,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:25.346{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52430-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:28.595{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24FBE01C6B6B2E75D6122635D32763BD,SHA256=FA723B975C112BCE902BBA363B9DC17E9D9C4890166B8F3739F217D89CDADD1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031614Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:28.223{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85DA3F69BC25345A9FCD9FF6EDD7DE85,SHA256=D1DFD587E29D84D547DE8060206E763928A19866FE1669C7E9F9544FAF767C1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:29.596{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF3B16198FC16FA4CDB52DE98C60C8DE,SHA256=2516C4A16C269A53498DF6178D5C0B50E8000181D0A8B864C9968FD10D780EE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031619Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:27.764{CE7C8936-1A7C-61E9-1000-000000002202}920C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse184.105.139.69scan-03.shadowserver.org39764-false10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal3389ms-wbt-server 10341000x800000000000000031618Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.411{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031617Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.411{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7C-61E9-0B00-000000002202}604C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031616Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.411{CE7C8936-1A7C-61E9-0B00-000000002202}6043324C:\Windows\system32\lsass.exe{CE7C8936-1A7C-61E9-0A00-000000002202}596C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+1b8ad|C:\Windows\system32\lsasrv.dll+2878b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031615Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.254{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92845E5F4CD721788A028383B3AF410A,SHA256=6943290731ECDF0959EA13B8D2F203BB61FC995DF4E76055DC584C1BD7E39C5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:30.615{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9632DDC263F3B721E2CBBCB19CF5BAAB,SHA256=B9254CFBFDB9C82F787F173D28B3396A70D822897972927BF39B8E00A335F290,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031622Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:30.442{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=138581933C46B600CBAAAF2BBBEE00F9,SHA256=9E52A06F7BC66F5B755BCB56EA6FD9CCDF991E32DD62E2CEB2B477018D041CA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031621Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:30.442{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=26BEC39B4377DEAB9D32710BA5BAC2CA,SHA256=88B8D801F876FD98A6B29D69167111B8B0CB6462A1A193E4C44E36EAAF5C83D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031620Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:30.270{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32ABB42711CB8BEB7515929DA591BD61,SHA256=FA36BEF3DB6CBB2073AD0F46C2A08514EDC681631883AC131289BE228F6A4195,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031623Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:31.286{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=543282327C0AC2571D256502CF7EE600,SHA256=F1806AC586B7902BD141EF6F291603D4EE02492D5D39F024851A4FD7217559FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:31.635{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C96559D15D6F724E0E4E0A2765D7B28,SHA256=16ED8C2C743DEC8AFF5B14B8D1A5C15381242845554D393D9C8738EE820CFDC5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:29.690{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local53domainfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal61601- 23542300x800000000000000058063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:32.650{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CB80DB9DA029C1EE41A9F9339540FBD,SHA256=E91FDF9F69570D2F025770C44494E0EAE7E97EAC04AB8DC124E55F8CE431AC20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031630Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:32.586{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\respondent-20220120081703-136MD5=48D9DB22D5DA72E1508DB4774F89CD54,SHA256=47231F73915EFCF046725A41CCC183BD3625BDF28EF9197BB172C87CF7B7A72C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031629Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.940{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51374-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000031628Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.138{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal61601-false10.0.1.14-53domain 354300x800000000000000031627Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.138{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:c93:ffff:28c1:2307:1a8:ffff-60559-truee000:fc:0:0:0:0:0:0-5355llmnr 354300x800000000000000031626Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.138{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruefe80:0:0:0:48df:ff2f:8220:4d8awin-host-tcontreras-attack-range-276.eu-central-1.compute.internal60559-trueff02:0:0:0:0:0:1:3-5355llmnr 354300x800000000000000031625Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:29.136{CE7C8936-1A7D-61E9-1600-000000002202}1216C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:c93:ffff:28c1:2307:1a8:ffff-61601-truea00:10e:0:0:0:0:0:0-53domain 23542300x800000000000000031624Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:32.317{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52A14B146599EACE67188B71625BAA9C,SHA256=5CC1F0B51203C803404373F1DB2844F24789E8B489F3132C2D6916BC2F9A0CB1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:30.545{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52431-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:33.665{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBB2940C263CA03E08D4A3E464B15BA0,SHA256=B3F1D1A42FDCB67BB24DE14429DF5009AC2F9F2C90811DBF7B78C536B3464931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031632Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:33.586{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\surveyor-20220120081701-137MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031631Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:33.319{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D6BDB387D68BCDF0C1624AC42F7CE84,SHA256=55A88817135C406E62665AB556A06CE4B3F135D7D94E6041B4B12349080B6F9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:34.681{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A141F370264E1BA78791858F5E11A0D3,SHA256=3DFD661D68F73556CD9DE4CC223717998075456DE40CE5BEF6324EBAED7F4464,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031633Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:34.320{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2743CFEF8C58728C803D2B1DEF88E59B,SHA256=1C40BD8033C15E11C29BF8BEF0CD35213AB44B2FF9C058AA130D9ABF701833FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:35.704{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=379EE61A6BE9E769EE81FE0A1BE8D712,SHA256=84C0359BF7E33C847613B9F7AA503CF02DA0C8BA6F873CFEB0A828A4A16017EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031634Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:35.351{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10D56F140C53B5E369CDB5A6F6FA7B91,SHA256=D45809AE3C858B6BC3FD2F6677A0A3A1B79E690E1EF128F44974FC8FBD73ACC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.727{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=743AE026BEB3D3C931D070E7EBEB29DC,SHA256=52FFA54AF5D4E332277858ADE35A733E0E0F590901D27DBE27322A22EF8C311F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031635Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:36.382{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CF65BD091E180830380400B5795B1F0,SHA256=441FB4D9722A7F780E93CC33AAB536016C46233E9A22C1CDF48E2921D041C156,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.588{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.588{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.588{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.557{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.457{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.457{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.457{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.426{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:37.742{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2102E8732EA3367CC3954281CFEE9B87,SHA256=BD3DCFBD8386C69396029C1EB6064124CAADC279D7596B3FEAE54585D2F26E57,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031637Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:35.849{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51375-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031636Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:37.398{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36CABEBDDF701DCE30B4CD73178F3C2,SHA256=F6DDE2B7A2283E156DF18CF6063A19108B5EE83753D6154687CFC18D54E4DF90,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:36.483{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52432-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.928{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=639479FD1B06497CC937A57439793DFC,SHA256=C544D91D915A0A7FFBFD8656CD727C3A6EAAA6DDC5E4530B08C65DF9FF646D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031638Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:38.414{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E88EFF90393681A66B2D8AA41E1385C,SHA256=AAE17F2497EB6D96136405CDF1A3F604F524789E63599E4DB37324F421E02CC5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B15-61E9-FA00-000000002102}46324588C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.294{6F5BEE90-1B15-61E9-FA00-000000002102}46324588C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000058108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 10341000x800000000000000058107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.262{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.247{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.247{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.205{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.205{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.205{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0D00-000000002102}8885904C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46326136C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:38.189{6F5BEE90-1B15-61E9-FA00-000000002102}46326136C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:39.933{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=496A76DCBC11746FA4759E377A1D6486,SHA256=35148C248AD022C9CB32575C38DDF860034353AD41CC6EF1EE3EA09AB736D8BA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031653Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.882{CE7C8936-3B73-61E9-0306-000000002202}32841832C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031652Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031651Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031650Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031649Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031648Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031647Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031646Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031645Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031644Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031643Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031642Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031641Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.742{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031640Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.743{CE7C8936-3B73-61E9-0306-000000002202}3284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031639Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:39.445{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0569408BFDCFC59FE0FBA64A9A4897E7,SHA256=505936728A4710DAE7177027F583A1C87333BB191F150DD692B9046D6B8212E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:40.952{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1F2267BBB73A7F745E7B3791019D385,SHA256=05BC847F05C26035038D58C17D04D00367ECEEAF441F4E00C064949D35D2691E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031669Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.976{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=446AA6A8927869A207F0721FAADDCD57,SHA256=0DB43471A1EA4C051AA12C41421E6CD507052120B23C3BF45A355F9112D70A2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031668Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.976{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B9A563716E055571CF0E96DDC8076484,SHA256=0E965C11A2A2D731ADD6A237111D364708C144CE29D25EB3335149301ED21B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031667Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.882{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4397F3822F3F4FA2E647123F548C278E,SHA256=7BE614842D85251443D53099A2FB771BA148B8F5F2D270A49C2D19D2A0797ABF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031666Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031665Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031664Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031663Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031662Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031661Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031660Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031659Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031658Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031657Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031656Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031655Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031654Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.414{CE7C8936-3B74-61E9-0406-000000002202}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031684Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.929{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5D62731CEC13FC882019D67A4F086A2,SHA256=4F77553C7D23BD117B0D93197A942F08541D13B0F456C0F52AE084EE3F6864FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.968{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF20183163B89D646520780CC32D70E4,SHA256=00E103AE84EE2CA4E6338B886618D8C3BDF933F1619CAE0C8C5D1243C9C75D4D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.961{6F5BEE90-18AA-61E9-1400-000000002102}10926796C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.773{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.772{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.770{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.769{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.768{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.768{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.767{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.765{6F5BEE90-3B75-61E9-6F09-000000002102}6192C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031683Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.077{CE7C8936-1A7C-61E9-1000-000000002202}920C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse184.105.139.69scan-03.shadowserver.org44358-false10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal3389ms-wbt-server 10341000x800000000000000031682Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031681Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031680Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031679Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031678Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031677Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031676Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031675Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031674Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031673Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031672Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031671Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.023{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031670Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:41.024{CE7C8936-3B75-61E9-0506-000000002202}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031713Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.867{CE7C8936-3B76-61E9-0706-000000002202}29562216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031712Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031711Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031710Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031709Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031708Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031707Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031706Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031705Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031704Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031703Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031702Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031701Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.726{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031700Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.727{CE7C8936-3B76-61E9-0706-000000002202}2956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000031699Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.226{CE7C8936-3B76-61E9-0606-000000002202}36522380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031698Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031697Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031696Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031695Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031694Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031693Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031692Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031691Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031690Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031689Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031688Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031687Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.101{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031686Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.102{CE7C8936-3B76-61E9-0606-000000002202}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031685Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:42.070{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=446AA6A8927869A207F0721FAADDCD57,SHA256=0DB43471A1EA4C051AA12C41421E6CD507052120B23C3BF45A355F9112D70A2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49286284C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49283944C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49283944C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.950{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+147646|C:\Windows\System32\windows.storage.dll+148fa8|C:\Windows\system32\windows.cortana.onecore.dll+1602f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x800000000000000058163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+ba540|C:\Windows\System32\windows.storage.dll+ebc14|C:\Windows\System32\windows.storage.dll+e930b|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15fb7|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+8ab6b|C:\Windows\System32\combase.dll+8c0b2|C:\Windows\System32\combase.dll+39b43|C:\Windows\System32\combase.dll+8c1cd|C:\Windows\System32\combase.dll+37e8f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa 10341000x800000000000000058162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.919{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.881{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.881{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.881{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.866{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.866{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.866{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366d9|c:\windows\system32\rpcss.dll+3bec2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.850{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB1D00F57F3BD1198782B32737CF1862,SHA256=1BC5ED67BD260AE2038955D678C795B700E2101C2ABF7BDF42380C8356F5CF82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.850{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F44B77878DA543656D1BDD4D20FFF6A0,SHA256=2FCE086B0FB59DE8EFFA9EEA06D9D1DEC86E43E0CD62D54A2DD263B9EE28AB2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.765{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+26297|C:\Windows\system32\windows.cortana.Desktop.dll+214fb|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.765{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+21491|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.713{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.713{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.680{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.657{6F5BEE90-3B76-61E9-7009-000000002102}58842412C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 23542300x800000000000000058145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C644BFED912A6E3D27771F37454B7928,SHA256=2ED7DB97E6B3F178709A56FBB6436D86DA55639911CFB4B28E5224A472EBDE04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-3B76-61E9-7109-000000002102}7164C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37396|c:\windows\system32\rpcss.dll+3df7d|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5,SHA256=B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.617{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 354300x800000000000000058139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:41.494{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52433-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000058138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.332{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18A7-61E9-0500-000000002102}392368C:\Windows\system32\csrss.exe{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.316{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.311{6F5BEE90-3B76-61E9-7009-000000002102}5884C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.310{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5,SHA256=B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.277{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.246{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a20|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad 10341000x800000000000000058127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.246{6F5BEE90-1B15-61E9-FA00-000000002102}46325324C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+55501|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9824|UNKNOWN(FFFFF803E7C6BFF8)|UNKNOWN(FFFFFF171F0A5B48)|UNKNOWN(FFFFFF171F0A5CC7)|UNKNOWN(FFFFFF171F0A0351)|UNKNOWN(FFFFFF171F0A1D1A)|UNKNOWN(FFFFFF171F09FFD6)|UNKNOWN(FFFFF803E7983503)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5928b|C:\Windows\System32\SHELL32.dll+dac4a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031743Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031742Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031741Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031740Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031739Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031738Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031737Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031736Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031735Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031734Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031733Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1A7C-61E9-0500-000000002202}388404C:\Windows\system32\csrss.exe{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031732Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.976{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031731Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.977{CE7C8936-3B77-61E9-0906-000000002202}2620C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031730Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:40.865{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51376-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000031729Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.445{CE7C8936-3B77-61E9-0806-000000002202}39923392C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031728Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031727Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031726Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031725Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031724Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031723Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031722Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031721Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031720Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031719Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031718Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1A7C-61E9-0500-000000002202}388940C:\Windows\system32\csrss.exe{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031717Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031716Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.307{CE7C8936-3B77-61E9-0806-000000002202}3992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031715Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A20004AABCEAE139AB153ED653EFE394,SHA256=1849138721D1C1F1F4CBFE3B549D0A42F3F45F5378A443B6C15267258FDD09AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031714Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:43.304{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A30617711A56047B6E40E5FC8B076EB2,SHA256=629DBD1D378AFD0EF63FE548F697372ED7D11537D99C5C3AB377C54F82A5337B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.897{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB1D00F57F3BD1198782B32737CF1862,SHA256=1BC5ED67BD260AE2038955D678C795B700E2101C2ABF7BDF42380C8356F5CF82,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8285624C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.797{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x800000000000000058172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.019{6F5BEE90-1B26-61E9-1201-000000002102}5320ATTACKRANGE\AdministratorC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\DDGKRVIA\microsoft.windows[1].xmlMD5=C644BFED912A6E3D27771F37454B7928,SHA256=2ED7DB97E6B3F178709A56FBB6436D86DA55639911CFB4B28E5224A472EBDE04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:42.997{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42BFDA8A0B38429798D485E9C39CFC91,SHA256=445D63275CDC82754A5A2C54950ECC19B49C67F82B4178F620FF1AA18C9212F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031745Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:44.586{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32B4F28FB42CDFD67A4F31CCF4335F07,SHA256=77FC39C4F3D6F62ADAFAF50CF70A7AEC61968940B6DCBEDFFD4876170CA3DF63,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.529{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local52434-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 354300x800000000000000058179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:43.529{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local52434-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local389ldap 23542300x800000000000000058178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:44.034{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25246ABD9D90F9520FE8048F28E595DF,SHA256=FD8BCCB10D30F30A749BA98E44626E06CF4F8AE6BB104A31764B975BA9B9DDBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031744Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:44.351{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C5BE7F189BC0E476234203E2B4A156D9,SHA256=F7266FCFF6DE80E3CF8E307121924BDA9D07AD21AFC0C93199C8FEEC81C10B69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031746Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:45.648{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFF9BAB19A9A871C6872133E5BCC2B31,SHA256=ABAA602D6185A61BC30B8B3FD8DD1DF96B717A947AC6A6C3110205665AC5CFBE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.936{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.916{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.821{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.821{6F5BEE90-1B15-61E9-FA00-000000002102}46325360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba0bc|C:\Windows\System32\TwinUI.dll+ba897|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x800000000000000058211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-1B15-61E9-FA00-000000002102}4632360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-1B15-61E9-FA00-000000002102}4632360C:\Windows\Explorer.EXE{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+1093d6|C:\Windows\System32\TwinUI.dll+82ba7|C:\Windows\System32\TwinUI.dll+bed5e|C:\Windows\System32\TwinUI.dll+bed29|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.767{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.720{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.718{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+ba540|C:\Windows\System32\windows.storage.dll+ebc14|C:\Windows\System32\windows.storage.dll+e930b|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15f51|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\windows.cortana.onecore.dll+12bc0 10341000x800000000000000058200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.698{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+2fc27|C:\Windows\system32\windows.cortana.Desktop.dll+2fb6b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+2fb01|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.520{6F5BEE90-1B14-61E9-F000-000000002102}49286680C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\System32\windows.storage.dll+b7e5d|C:\Windows\System32\windows.storage.dll+ba540|C:\Windows\System32\windows.storage.dll+ebc14|C:\Windows\System32\windows.storage.dll+e930b|C:\Windows\system32\windows.cortana.onecore.dll+1717e|C:\Windows\system32\windows.cortana.onecore.dll+15f51|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\RPCRT4.dll+651cb|C:\Windows\System32\combase.dll+3b22c|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+37c5f|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+34346|C:\Windows\System32\combase.dll+33afa|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\system32\windows.cortana.onecore.dll+12bc0 10341000x800000000000000058191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.518{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd 10341000x800000000000000058190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.518{6F5BEE90-1B14-61E9-F000-000000002102}49285480C:\Windows\System32\RuntimeBroker.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\System32\combase.dll+380db|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+76b2a|C:\Windows\System32\combase.dll+6d8fd|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+54179|C:\Windows\System32\combase.dll+129f|C:\Windows\System32\combase.dll+3b233|C:\Windows\System32\combase.dll+3aee2|C:\Windows\System32\combase.dll+397f8|C:\Windows\System32\combase.dll+3757d|C:\Windows\System32\combase.dll+36c4f|C:\Windows\System32\combase.dll+52179|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e 10341000x800000000000000058189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.250{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.251{6F5BEE90-3B79-61E9-7309-000000002102}6660C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:45.034{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2C34A6D2EC2145074AF0B8DAC39687D,SHA256=C0B79F97F372C8AB03B71E67F3EC314385574DB179D5099B67073496C4E155A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031747Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:46.664{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8241703A66162EF693B805CACFC8FE93,SHA256=07FAA9834C10768870424BF0E537D673F759A8184ECC5A7FB22F0DF0DE7EE196,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.353{6F5BEE90-3B7A-61E9-7409-000000002102}1132760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.299{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16D86927F9D05D88F4CAC81CE249530A,SHA256=436E4C604729A51D3856BDFE5958702ACD9F1091FCE4ABCC0C58A95E5BA5CDD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.121{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45D982E85B872F383ADC5BC9EF2024CE,SHA256=266BD803BF65137D896BB58B54E7A5A7477094514FF7E039A6C9DA2389F3E953,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.121{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.121{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1CC3B74CB1E21C08B26441E63EA73D9,SHA256=6F83DA4C8DBEE19225228584C7545526B218BB4ABF1290A3905C58C37F24CF46,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.119{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.119{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.118{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:46.116{6F5BEE90-3B7A-61E9-7409-000000002102}1132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031748Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:47.767{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6A3B62024D613DADA03695F50F0F7D4,SHA256=5BB3944B6315287027EB9CA2FD55F4E2FD792E79BFF4286357E69441A5E8C728,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.637{6F5BEE90-3B7B-61E9-7509-000000002102}58081924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.420{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.418{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.418{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.418{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.417{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.417{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.417{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.416{6F5BEE90-3B7B-61E9-7509-000000002102}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.137{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63609D8B15775593AC06523597A4DC6C,SHA256=059C0A345D345F44DCC7C625F1AA576C71A1CBDC7B29BA2FD6ACF0AD7BEFB5D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031749Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:48.783{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18FB50F3C2A7A7AE8AEA2D9EA1E0062B,SHA256=B13F0892A38A5BB0B771E03D84817FC1DC0AB7B3B444498ADBE2656831B7EE18,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:47.348{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52435-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.421{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3DDC645ADE5CBB141B99343CAAE08309,SHA256=63433A572C78B606681EAB1DB4D077D55C7E44265020AF07E6327ADD2829D737,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.323{6F5BEE90-3B7C-61E9-7609-000000002102}53481172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.168{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E9325325501EF466F899D073659BDB7,SHA256=AA4242F9D2CC48B70CC78D3DA380FC15B2D2DF073DC7CA7E5C503B4324C54249,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.084{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:48.085{6F5BEE90-3B7C-61E9-7609-000000002102}5348C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000031751Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:49.861{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96CB556CA84A45AA0C41A784D10C87A1,SHA256=B66E5CB08D3EFD38D31449C2B30AA96EEA99CA739AAF291EB5D5F8DF7C9E521C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.227{6F5BEE90-18B9-61E9-3500-000000002102}33043324C:\Windows\system32\conhost.exe{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.225{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.224{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.223{6F5BEE90-18B8-61E9-2F00-000000002102}30243900C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.222{6F5BEE90-3B7D-61E9-7709-000000002102}6480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000058250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:49.190{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28735A3D6D2B6173EC152C52E37C4D98,SHA256=CF3301B5E885ADFDF2D2722C4F29623446D2C9225C83CF53EEF730D5E53FF0CD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031750Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:46.833{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51377-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:50.228{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=262940F7C19D9E03CF6F6731FFB90677,SHA256=90B6C17F38666E85B1E2E387D8796D961D33657D6B8522E7C22BC6DC959C8615,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:50.197{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED6D9A1FFEE9AEBFDBB672524D3D7E7,SHA256=11F192564190F3A802C8CA30BD1B7205F4FB4D85C67A5D65D9F427F4D82B3A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.212{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=153B99662495C47781ACA264A6A02270,SHA256=25103231BA30AC2024E617D5597CDCFE1FAEBF2E10C6D3DBCB4F83640CF45B27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031752Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:51.095{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58DECA45A7C214C4A081F501B26B0D9F,SHA256=3E732C6A9B40ED903F69BFE14D6605B7EC37E2BD692A7871BFBE20FD9E02606F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281296C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-18A9-61E9-0C00-000000002102}8281952C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.096{6F5BEE90-1B14-61E9-F100-000000002102}2632324C:\Windows\System32\sihost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2064e|C:\Windows\SYSTEM32\ntdll.dll+1e864|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.048{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.048{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 10341000x800000000000000058261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:51.048{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c 23542300x800000000000000031753Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:52.205{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BFBD8E68310E249D6D911164694F4AF,SHA256=E54B4C1C708EAE5750CD5DAA21C8B39E3626F6C28E20E7D52DD1128CC5FEC6FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:52.213{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB5926A96763E83051E322B174DF9CC5,SHA256=4EEA8607962AF58775C396449A97FFC121DCE656379AAB2449A881EC8750D77A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031754Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:53.236{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB058A2EC1C422C4F608FB100A666966,SHA256=19A5721E23ECF99E5B3AE462F7D227304F9BCAD955B5E65A0F2E64126EE29E68,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:52.393{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52436-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:53.229{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1E36A0046808E7EB4008E24C17D02FD,SHA256=4B3D53A97A2ED534876833F8BE5F5B8A21FD6B4B3431AFB50571418936956036,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031756Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:51.859{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51378-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031755Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:54.252{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AD3F36B5A235A7CCFB4FDEC5D83C7DB,SHA256=02205A1C0244F974F934A8C199E735FF61F6600FA31B399F12C5620BACA2274E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:54.232{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9ED824B4DA1D9EFB6EE9833942617D5E,SHA256=18310594E81C8AAAE57FEFC477D7E91F26F4BF8F84D0CFC2A2ABC508AAF97A39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031757Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:55.299{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFFCEE958D095B10C61522EFDDE9505E,SHA256=164697AAE5E51E07EA4F8C0E9C81CF987125F26E82A1E49CC2FFE8C67D9FDE8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:55.233{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AAEFBB6A506957FF01C27DFA71F7F06,SHA256=3F9E235AAEB43C2A7E79BA5963CD638243F5FE139BDC1208D3302E3DA7A3BDAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031758Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:56.314{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A3D67900B01215BC1CA13AF610749E5,SHA256=612E90981DFAACBCED0F58EAA2FC19087D09F52304EE061AC03D52FE55B6C2E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:56.234{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7ED785EE54C943FAA12615398575A988,SHA256=B5AA03B13F06B31CE258C6F69410DF3360908B76BE0D03623CCA759BD1312ACE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:57.254{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC13337A4F330A6A15E2F20C03E6888C,SHA256=C05637D5E289324A3797B118C09BCFEF6DE8A3FC4970B64AA6BC5403C569834E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031759Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:57.330{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17D637BA2C8BDF26FE0ED6D2176AC33D,SHA256=EB8AF9C55E0CB4DE8C266330AC8F7D53FDF19198205FCE5EF2FDBF26C05FA54F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031761Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:56.968{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51379-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031760Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:58.345{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73410725D746322D5DF487D6D71E5B4D,SHA256=C4F5B139833074D5BED54C40DDC02A2D0FF4E59BE25B3B04C31180C43DF81FE3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:57.413{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52437-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000058282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.455{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:58.271{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3F4C27A073338DA1093D7D1BA3C6777,SHA256=3D2962C71CF38971D4F4E73A3339C1610D09F606AF6F3D0304FF71E598B14A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031762Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:37:59.361{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D488FF3D04687547FE116C66C67D7C49,SHA256=D5B3F8D1795E6E7DA3A0BDA313B76FE2020286FCFF89A40A25AA4A439F4E4731,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.918{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.918{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.918{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.872{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.872{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46321004C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.833{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.817{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.802{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.786{6F5BEE90-3B87-61E9-7909-000000002102}50844268C:\Windows\system32\conhost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.772{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.755{6F5BEE90-1B15-61E9-FA00-000000002102}46325912C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a912f|C:\Windows\System32\windows.storage.dll+a8da5|C:\Windows\System32\windows.storage.dll+a8896|C:\Windows\System32\windows.storage.dll+a9d08|C:\Windows\System32\windows.storage.dll+a86be|C:\Windows\System32\windows.storage.dll+ab4d5|C:\Windows\System32\windows.storage.dll+ab854|C:\Windows\System32\windows.storage.dll+aae90|C:\Windows\System32\windows.storage.dll+ad6ba|C:\Windows\System32\windows.storage.dll+ad472|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801e1|C:\Windows\System32\SHELL32.dll+6717e|C:\Windows\System32\SHELL32.dll+17c29c|C:\Windows\System32\SHELL32.dll+19ea38|C:\Windows\System32\SHELL32.dll+284513|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17c540 154100x800000000000000058285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.750{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000058284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:37:59.286{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33AA803988DEFA5DBD7F04B5A9B664D3,SHA256=30408A4B8C8A70623839BBE33479008C823C0DAF3CA626A277EF99276AF29BD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031763Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:00.377{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=254B61584906279021B1CAD4D2510403,SHA256=BA35A71393D43A4F3D3BCB3D424544B709373B0983AACA0AEEC4FDA505FB50F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.767{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B350D179A29FBC915862682C26D961F5,SHA256=334F0B303C9C8083858FB40D7E5DD9B871F525F8930A61A213EB1B42DE5D7FFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.766{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C844E9D12945568AA7E3CB5D304AC243,SHA256=5E532342B0000F138FD5490CE4861EAA4408A6B87F4F8EC63E1B574B28708989,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.747{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b21c(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000058317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+230fc(wow64)|C:\Windows\System32\windows.storage.dll+10b14f(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000058316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8 10341000x800000000000000058315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+10b13a(wow64)|C:\Windows\System32\windows.storage.dll+10adf5(wow64)|C:\Windows\System32\windows.storage.dll+10ac56(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5 10341000x800000000000000058314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+26498(wow64)|C:\Windows\System32\shcore.dll+2995e(wow64)|C:\Windows\System32\shcore.dll+29cab(wow64)|C:\Windows\System32\windows.storage.dll+1e3eba(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64) 10341000x800000000000000058313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+264da(wow64)|C:\Windows\System32\shcore.dll+297f0(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3eac(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5 10341000x800000000000000058312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.514{6F5BEE90-3B87-61E9-7809-000000002102}46961916C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Windows\System32\shcore.dll+2983c(wow64)|C:\Windows\System32\shcore.dll+297cb(wow64)|C:\Windows\System32\shcore.dll+299c5(wow64)|C:\Windows\System32\shcore.dll+29d58(wow64)|C:\Windows\System32\shcore.dll+29dc5(wow64)|C:\Windows\System32\windows.storage.dll+1e3eac(wow64)|C:\Windows\System32\windows.storage.dll+10ad68(wow64)|C:\Windows\System32\windows.storage.dll+c4f96(wow64)|C:\Windows\System32\windows.storage.dll+c4ebd(wow64)|C:\Windows\System32\windows.storage.dll+c613d(wow64)|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+c2f8|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+acc5|C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe+95cf 23542300x800000000000000058311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.337{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D70A97F1F65498746F548BD25B666C50,SHA256=CD4C1D8C253ED6CDAEF2D1B3F24931A446E1609258B5E8615E7AAC8C07B5C02E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.018{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:00.018{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031764Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:01.408{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CB852FDF70E0EB813C98A25883A84A2,SHA256=C4673592D041C4D13391CA59815AF6AC4FC1D9535F852B00892F34FE95FE2548,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.732{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vwszlxrp.c22.ps12022-01-20 10:38:01.730 10341000x800000000000000058324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.668{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.662{6F5BEE90-18A9-61E9-0C00-000000002102}8286020C:\Windows\system32\svchost.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:01.364{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98CDF437511EE1BEDD645D6A3B48BD53,SHA256=334B10DA80CE0F793FB26DC11A6611054C7A8F1F701FD65FA68C31D8BC1B9AD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.693{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=2415696C288A43700F39D25C7B8FDC9E,SHA256=0E91725FB8B7064F0EFEB90DEE62750D3FCBD11666C5A0AB4AB2CE5C9BA0EC91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.371{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F9DD4970B64C1F3F4DBD0BAF81EA528,SHA256=850E2DD312A118F30DE7FA44AB921C6D6CD168658D910991F2283DC8E236AFC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031766Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:02.439{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F5589F9DC62B421815B437D3551408,SHA256=FF25BA1838397491652C65AD8F3C50951F7B49A1900EE0AE02EF4D9015F546C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031765Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:02.377{CE7C8936-1A7C-61E9-1200-000000002202}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=72C25F67A7DF7CB7F3D62B177237D91C,SHA256=36AAA1170FD46F512F920D66ECED1C6277477BE1F2BD14967A115FE7DAF69B2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.324{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.324{6F5BEE90-18A7-61E9-0B00-000000002102}608660C:\Windows\system32\lsass.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 17141700x800000000000000058328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-CreatePipe2022-01-20 10:38:02.124{6F5BEE90-3B87-61E9-7809-000000002102}4696\PSHost.132871486797507973.4696.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000058327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.100{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_f22igbhb.yrt.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.099{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vwszlxrp.c22.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031767Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:03.455{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F77EFA7832D406D6130DB87B2D2D2FAF,SHA256=1C9241E54EEAB8436E4BEB3C7C370ACCFAA3EF4897704D01463DD6BA292D013D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:02.441{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52438-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:03.789{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=93F85733EF9B24C9E7DC1DAC2A84F7FA,SHA256=02A67112EDA64A1A9658A4964A976C7433426F3B9AB3D5AA821446F0158D7A42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:03.408{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A5FAD3E307504FC2428BF00D10B8709,SHA256=3778FE7090F7178FB61135EB6430315C2A56C4BC9F6617E650326693F97B41FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031768Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:04.455{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E27AAAB3E82A0F178427C59A56D44A0C,SHA256=E544F375ABC4893A8D9A5D11E6B3C5003A140FCB7CF07323F61F63E473D7C174,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:04.409{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8A4B2DE41C1D2F37F94BC7E7CD9301C,SHA256=DD86B0E4C56F959F5EE2CBC212001615AF6387CFAE176E6CEF28D15245166DAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:05.424{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D4587BA5CD08B23388966071D0D49AF,SHA256=5450AB205C4CFBB9A278D32EE5F8282708C6A4EB390D76A8B6D2CF7965B4BE6A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031770Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:02.906{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51380-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031769Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:05.470{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B870BBF77D456D511AAE0FB58C94C4C,SHA256=4E86C9C93B2AE5A98D858A02A1DDC18159FE79FC10670F33FF9B4AB4CC884133,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:06.439{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E1D81CEDC4FC3AE9FDF0386D8CD6230,SHA256=79F9D79B75164B617FAAAEE8F8FA9950FE02823824D9CCACEBF4194DD415BDC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031771Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:06.470{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F839444694854D2AB53EC9EDB3160576,SHA256=98D35BB02F54CA374917352200930A331DE5B3694BCB2AFA7A97A6B4E20F46FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:07.454{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02E152DD161FC4F651E867721CE1A42D,SHA256=18ACA5E16111C56C18417A9BB373F1DBC4368C71B26F6E7771554968B758A84B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031772Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:07.486{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=376CA0462B49009B0F699E9E40A5288F,SHA256=6D2AE7BAE351CCBB8DC00CD94406FD04E65BD321DCC3F0E45183BB539D36A8D4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:07.484{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52439-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:08.470{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC8C9D1EEF8054DE15B0541750F96BFB,SHA256=A805D75EADC940CDEE4F3C0F7CFB0F2E3A25A060504ABFDDBA148825D6448894,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031773Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:08.501{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA101C864FCC0C7C6A5E79E83C6666EE,SHA256=AC9F6D45FB8B534794A4662AF04D6339E825F230BB9987EE3CA65556E9129E8F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:08.191{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:09.492{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8112AA2FB2CFA7EF75320BDE24044ECE,SHA256=ABBD8A2E9AD8CE6572FBFE35EBA15795CC8FBBD09658F2BF32DC83D64D58E1E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031774Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:09.516{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77F93B87C06B79B3B47FE771AC8F6787,SHA256=ECC8F6E9B1C78C1305041B2B08CA54C60D2DF3973FCDABA7B15064C07DECED59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:10.517{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A296ED00B22CFD443C863E3460BB4AB,SHA256=385A388DAA9671196DD2C350D25949592E90DC9ACA5A5782065BD0DF7FC3FFD2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031776Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:08.764{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51381-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031775Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:10.516{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=209378FD58852CBF9485D2FFB83795BC,SHA256=DBA7E3F247DACC9B30819F1AF42F0F978D8D4FC6ACB49DA363EE1980E505B969,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:10.473{6F5BEE90-1B14-61E9-F400-000000002102}36683156C:\Windows\System32\taskhostw.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:11.520{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE503B6D2D75DDEF03BE05DEFB8FD8BC,SHA256=336F3F60593BC963B41D60D6696F7CA0C176A7B2B21FFD780BC43600896025CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031777Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:11.532{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78EC1707D775150F8B0DE51204225041,SHA256=20F335A630E7F61D7A3617F1BA4616696BB551BE03A29AE81B717C8A3FA59F9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:12.723{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\respondent-20220120080932-144MD5=44EE2058E1CF53803DE801177DF9FF30,SHA256=D4B695239EFC7A7D204A7F26661A6155EA831FDC6A54CE0076B22CA3E58183AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:12.535{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EDF4562C9030ED1E6E1D91391E31AC2,SHA256=2843FC6452902B4F92BFF41CCDD71CA65458967A92E202273D9E252C59F6574D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031778Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:12.548{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7BBEBDEBF21D7FB49E55834C75922CF,SHA256=4D88F975668813CD50080E7DB759750F7B1D8C040D709EEE03478657F87A7880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:13.724{6F5BEE90-18B8-61E9-2900-000000002102}2920NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0571bb7ceded66ec2\channels\health\surveyor-20220120080928-145MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:13.551{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDF21AD67D741858B384DAD385D69ED5,SHA256=FCCFC7C853AC0BCEBB3B8A284FE1A441FF9F7A8CBEB7F5793E8506C1A7A38F75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031779Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:13.563{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=978CEB5BDBF8E0FC84F385BD9ABE9759,SHA256=CC314163E20474D751CB797F39CDA3F4899A386CD2D1A9D712EFEE8F31A53F47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:14.570{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBDD94801FF671E9E8EF697952618694,SHA256=77F35CD65386CBE8F5A79B83306D3C737F823F923FE9F963CBC84FC4D24B65E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031780Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:14.563{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DD3F29CC644DE9EBF337A489F855C95,SHA256=3D859D7F84FCD3E749E92E2011900179A40F5AB061B884A353D5664F8EA6F697,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:15.586{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264A216FEE8E265F0AC92415C879DBD0,SHA256=79E8C4CA81F4B9EB17A8CAE825C6F0F3C3D6773D20FC90BA546CFA9FEA898823,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031781Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:15.579{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA15A1F01B6E67D423A16F2B93FC269,SHA256=13D621DA9BD91E839E5712E5D201D41E9610A6965917BFFAD53CC54C59E35EEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:15.554{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheMD5=60EDE099EB0E0BEB7F11680662F30C5C,SHA256=D1DED6895B7E358BF6A27509168F60ED73909AFE5CAB5CFC0F7A66322D53D214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:15.486{6F5BEE90-18AA-61E9-1100-000000002102}480NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=4A2E54D76639C9BDE1BD5BD482EFC18C,SHA256=18E9827D66F3959FC622707D1671F4963A7B621DAB226031BAC7D9E014125C77,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:13.496{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52440-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031782Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:16.594{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9D4BE53E5CE72F282E99C1EC168AA4E,SHA256=83AF4AF7DB35ECEB0E10295998AC7647304F717398DC76A46DCB53B00BC8D926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:16.605{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA64AF2C50C2C4B1F9C8A3D88E47D06E,SHA256=34A7CDE1001DDD46A5DD03BAB5F7EBE1409E498ADF59C1317350FC1162C5DD9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:17.623{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D51E35975819EB8AE3C10FD7ACB2BF9,SHA256=EEB937ACBE6D4A8562997A9C05FFA775DD64899187C9DA7589EBD8946B555A58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031785Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:17.610{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2F44230D1603958CD0745D0C194EB43,SHA256=4F2B946241D185F0136E68A34586BBAAB2FFC1F5900F624AD0E5676FCEDA57BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031784Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:17.344{CE7C8936-1B12-61E9-AB00-000000002202}1912NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031783Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:14.780{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51382-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031786Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:18.610{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=876FE999D18B23878BB6DEC29ED9D717,SHA256=FFDC69A2A1525481201525EE12324B36258895B5E161C7F998F7B122C2E50D94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:18.624{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=374BF957B0DAC45E1763ACE8A4537D5A,SHA256=C47474F0709AA89028AF1C8E5FDAFE012055606C1009D43AC3A3AC7D921933C9,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000058358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-SetValue2022-01-20 10:38:18.571{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d80de9-0xd68faf7b) 23542300x800000000000000031788Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:19.626{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5495E861F90708713AA4127F69928FD8,SHA256=C46A03F565726513EE812AB5E7D2C5D0714689C3E924F1B90DD16D6C3F1C837A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:19.654{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90C0E6D8CDBD3E78F3EC8FFB80F93644,SHA256=51BB8A853080A0E26857B216AECACBBF5606CCC1021AB7376A9D84F3E76E5DFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031787Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:17.045{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51383-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000031789Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:20.626{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5078371DC51323412C5933BD45FA51C,SHA256=80BA94D1766F7206386E09B09023DF15D2EA1F334AAC750EA6CBEBF0C1530C05,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:19.418{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52441-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.670{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=733DAF22227D9515E9BA8C1E65D05D2F,SHA256=79A458CEB60672506ACBDCF99C3B8B2D27015496126D71C4167EBE89B6CDBAD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.638{6F5BEE90-18B8-61E9-2F00-000000002102}3024NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9E11AA9F3452DB0F16F9E79CCD407159,SHA256=0B6123CF67044127245D77723D015AECD3385919E1F78356EC114EAF4F576866,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.538{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62725|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.538{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6263e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.538{6F5BEE90-1B15-61E9-FA00-000000002102}46326520C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62607|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15458f|C:\Windows\System32\windows.storage.dll+15330f|C:\Windows\System32\windows.storage.dll+1562bf|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6163f|C:\Windows\System32\SHELL32.dll+62db0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+62d6c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61894|C:\Windows\System32\SHELL32.dll+62d40|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.523{6F5BEE90-1B15-61E9-FA00-000000002102}46325552C:\Windows\Explorer.EXE{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:21.685{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5D46D3B29478D37398AEC514DC309C3,SHA256=0822A93E56FE7B60CB21B5F4F369A85110FF60E7CF08F9BB94E20A2402E28D52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031790Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:21.641{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EBA41F1B2E4E9002B7A16808EFCCB01,SHA256=38AD475481A7F1DFF8627816813896FF86F062FD671603659E7553CA967278EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:22.706{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40B9CE5595EECA1B2972C7F3DD227006,SHA256=A0F302167B122A083B7D10481AD2CC0512FBDF7431BB04DB28010E14F93993EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031791Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:22.657{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A24686EF4DBDDE3144311CB734C2E5DC,SHA256=1EA5F68091AB053E61CBE28EBA75C5919EFDE63D64CE12894023DF18398CAA65,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:20.917{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52442-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000031793Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:23.673{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13E1C1738F90789A909AC8C149D7E174,SHA256=806DA450241CDDFEC0185CC5C16C68FFFDFD14BC9E81D270D4BEBCBC359AC3F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:23.714{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79A446B3DCF5965B8E2497AD58EF9840,SHA256=CD87655F82E64A11656B8FF06DF8CEE8B50F49C69B8EF776773AA854763CE24E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:23.230{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt2022-01-20 10:38:23.230 354300x800000000000000031792Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:20.795{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51384-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031794Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:24.673{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06496A865426B11FD11F6608C5B4F1AE,SHA256=2826ECED32623C4076F0988D3434E5AFEDBFE6FD9C29A7A46D245FD140743CB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:24.729{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73327D8D6496CA63B713D3DC41C6A6B0,SHA256=36182DE46286ED5CAAEA56B8FA08EE570AF06C13A0A4E21718F8F99D76E480D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:24.261{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=5B27C492E296F4160D8BCB16CD68728E,SHA256=80803A2BF2C1C7C617F7E7A909BE4AED6268068371F5BE1F87F03EC5B1555DE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.746{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2710421A765A659DC11FE93ED697D1DF,SHA256=9744C9EA4DEBCA4340E378517AFC08AB5ABCF05472755DF2D5116C6230AA49CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031795Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:25.688{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B195657E9FBD7DD532872D4318C4495,SHA256=0C055EB1BF79D5894296B4021B5742E1035E77013D808CCA391B0BD34A7AB658,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.160{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_2ufs5i5x.rqp.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.160{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_clvmlr13.zkv.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:25.160{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_clvmlr13.zkv.ps12022-01-20 10:38:25.160 23542300x800000000000000058384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:26.762{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=797812CD755CC2565C04018586EC1512,SHA256=07DFFBE203745E2C33D751A852CB5C472173D4C841A64879E5BD97C640CCF106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031796Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:26.704{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57636E99E36B3CEBF51DDD48E43EA571,SHA256=8C10DD7E7DFB64CB8BF5B7CE34FC5308202E69292DE740CFFE76EC3DABAEE09B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000058383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:24.539{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52443-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000058382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:26.130{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=E655EF3F0823E0389AFA04577624583C,SHA256=7814C1CD7B0AA17CC0A1D3B4B684BBEA764ACF23061AB6A75B5B637B7EB9956D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:27.780{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4228FEED3CD153623E623C0571F6E0A8,SHA256=2AFD9CCBA9174B01431C1810C3BCB6F1CC9ACA0D298DB043A56F77C59C6C7005,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031797Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:27.705{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DBBD611F07E0E95A397A639085616CA,SHA256=E03FA98E937CFF940D726BDA76571532DF9BA5788AFA1FBA72CDF3756017724E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:27.161{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=0241D4A48CE5617FC41C80BABAF46F78,SHA256=047D41D40F3177C7B48D8978A9701C9D73F8B0064BFF41CABC4A0065FCCB0E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031798Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:28.720{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C59557925F8308F0C8698A506428B56F,SHA256=435D16F832EADCC8F329E3CB8E27AC69F7176CF781116285DBD5DC02D6F988F4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localEXE2022-01-20 10:38:28.845{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe2022-01-20 10:38:28.845 10341000x800000000000000058397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.800{6F5BEE90-3B87-61E9-7809-000000002102}4696348C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\System32\windows.storage.dll+12427f(wow64)|C:\Windows\System32\windows.storage.dll+123f9f(wow64)|C:\Windows\System32\windows.storage.dll+123ce7(wow64)|C:\Windows\System32\windows.storage.dll+124cd5(wow64)|C:\Windows\System32\windows.storage.dll+123b11(wow64)|C:\Windows\System32\windows.storage.dll+125eea(wow64)|C:\Windows\System32\windows.storage.dll+1262f7(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\shell32.dll+1711b4(wow64)|C:\Windows\System32\shell32.dll+17108e(wow64)|C:\Windows\System32\shell32.dll+1ae43a(wow64)|C:\Windows\System32\shcore.dll+2fffa(wow64) 154100x800000000000000058391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.792{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbs" C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=4F021FB3CBD3023D2E20F69176E00099,SHA256=D63ADCCC897B7F74FE56170446D100C7C0F740A6CF01AD17913409581F392E74,IMPHASH=63ECF92956704DAB3E8ACC4116ED9C44{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 23542300x800000000000000058390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.783{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49A9CB31DAD383407F54851D7BEB0FB6,SHA256=47FB2EE7D5ACA3EC988A28D11E39FD4CCABF34A1A4DD1E52F9C08D407759A806,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.699{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbs2022-01-20 10:38:28.699 734700x800000000000000058388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.513{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Temp\Tbopbh.dll1.0.0.0---Frkmlkdkdubkznbkmcf.dllMD5=E61518AE9454A563B8F842286BBDB87B,SHA256=9EF7DBD3DA51332A78EFF19146D21C82957821E464E8133E9594A07D716D892D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAfalse-Unavailable 734700x800000000000000058387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:28.513{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Temp\Tbopbh.dll1.0.0.0---Frkmlkdkdubkznbkmcf.dllMD5=E61518AE9454A563B8F842286BBDB87B,SHA256=9EF7DBD3DA51332A78EFF19146D21C82957821E464E8133E9594A07D716D892D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAfalse-Unavailable 10341000x800000000000000058800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.990{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+15a0bb(wow64)|C:\Windows\System32\KERNELBASE.dll+159d6c(wow64)|UNKNOWN(00000000070FF988)|UNKNOWN(0000000007233D7F)|UNKNOWN(00000000070F6C3E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F8BE4)|UNKNOWN(00000000070F8AF8)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A) 154100x800000000000000058799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.989{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe4.8.3761.0 built by: NET48REL1.NET Framework installation utilityMicrosoft® .NET FrameworkMicrosoft CorporationInstallUtil.exeC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=AF862061889F5B9B956E9469DCDAE773,SHA256=AF5CBD35C7D8DEA7D879113FDA61B0F64AC6618BCDAE15C0C732A018BABF68EE,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 23542300x800000000000000058798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.922{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C65C3BE41EDEA92097372CDCD287C1B7,SHA256=346E04484C9E0AFC1C2CE5032D65A4CE770F1C548415F54D880D4134245944CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.889{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.889{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.832{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.832{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.808{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2537A7F1D9631E239922B001C525A88,SHA256=832AA6E843F1D390F53C0D008DE83A6706BA0A9BE4189E2A6497E440BDD6BD88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.806{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B350D179A29FBC915862682C26D961F5,SHA256=334F0B303C9C8083858FB40D7E5DD9B871F525F8930A61A213EB1B42DE5D7FFA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.localEXE2022-01-20 10:38:29.805{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe2022-01-20 10:38:29.805 17141700x800000000000000058790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-CreatePipe2022-01-20 10:38:29.789{6F5BEE90-3BA5-61E9-7D09-000000002102}4800\PSHost.132871487092321483.4800.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000058789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.784{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exeMD5=17FC12902F4769AF3A9271EB4E2DACCE,SHA256=29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B,IMPHASH=563F92D1CB750F339006B11E53047050truetrue 23542300x800000000000000058788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.777{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD6B25B191B4D57CCE50D15128DFCD18,SHA256=BB6EE2743166F0291C0A3C2990889F98FA491E3DEDD798587F933D2B6764E83D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.773{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000058786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.770{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_sqzfj55d.x03.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.732{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D033BA28FD06B67027134DEDAB670FBC,SHA256=A155C717A6BF7901721B130FCF7ECBA97EDB3F7472F8D4DDE8633DB76ED858CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.732{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=6ADD2E7454C4DCB7187B2879573CE631,SHA256=1C26C68135B62B5DE1F8C9EECFC72790768D61D5852AEBBCD6B2AF68D3D34E76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.685{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_2nfcmlgm.jzx.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.680{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.680{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.679{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.679{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.553{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.553{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.550{6F5BEE90-3BA5-61E9-8309-000000002102}62085348C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.522{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.516{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 534500x800000000000000058773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.516{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe 10341000x800000000000000058772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.512{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.511{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\seclogon.dll+17dc|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.504{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" rmdir 'C:\ProgramData\Microsoft\Windows Defender' -RecurseC:\Windows\System32\WindowsPowerShell\v1.0\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e72SystemMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /WindowState 0 /CommandLine "rmdir 'C:\ProgramData\Microsoft\Windows Defender' -Recurse" /StartDirectory "" /RunAs 8 /Run 10341000x800000000000000058769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.502{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\seclogon.dll+1404|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.502{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x14c0C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\seclogon.dll+128d|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.502{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.501{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.500{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.499{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.498{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 11241100x800000000000000058726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_2nfcmlgm.jzx.ps12022-01-20 10:38:29.482 10341000x800000000000000058725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.482{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.479{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.478{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.477{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.476{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.475{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.474{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.473{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.473{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.472{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.472{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.471{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.470{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.469{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.468{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.467{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.465{6F5BEE90-3BA5-61E9-8109-000000002102}45805920C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.459{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.444{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.433{6F5BEE90-3BA5-61E9-8009-000000002102}52046080C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.423{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.417{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.413{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+23cbb2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aaaa4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aa39c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1a759a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4) 10341000x800000000000000058597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.413{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8009-000000002102}5204C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 154100x800000000000000058596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.413{6F5BEE90-3BA5-61E9-8109-000000002102}4580C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe1.22Run a program with different settings that you choose.AdvancedRunNirSoftAdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /WindowState 0 /CommandLine "rmdir 'C:\ProgramData\Microsoft\Windows Defender' -Recurse" /StartDirectory "" /RunAs 8 /RunC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=17FC12902F4769AF3A9271EB4E2DACCE,SHA256=29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B,IMPHASH=563F92D1CB750F339006B11E53047050{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 10341000x800000000000000058595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.411{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 534500x800000000000000058594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.410{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe 10341000x800000000000000058593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.407{6F5BEE90-18A7-61E9-0500-000000002102}392508C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.406{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\seclogon.dll+17dc|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.404{6F5BEE90-3BA5-61E9-7F09-000000002102}2560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" stop WinDefendC:\Windows\System32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e72SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\sc.exe" /WindowState 0 /CommandLine "stop WinDefend" /StartDirectory "" /RunAs 8 /Run 10341000x800000000000000058590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.379{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\seclogon.dll+1404|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.379{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x14c0C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\seclogon.dll+128d|c:\windows\system32\seclogon.dll+10ac|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.315{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.315{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.299{6F5BEE90-3BA5-61E9-7E09-000000002102}12166436C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.279{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.279{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.279{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.278{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.278{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.278{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 23542300x800000000000000031800Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:29.720{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D37076EFD4F247476C1465EE5871641,SHA256=9A877855C72D4AE9F89A50739FB1D4FBF2B179733E3CFA459B801B933FF32DC1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+21a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.261{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e62|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e2c|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 354300x800000000000000031799Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:26.780{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51385-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000058490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1B0F-61E9-E500-000000002102}4176C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+9683|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0800-000000002102}476C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0700-000000002102}464C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A7-61E9-0500-000000002102}392C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.246{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0200-000000002102}304C:\Windows\System32\smss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-3BA5-61E9-7B09-000000002102}63084376C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe{6F5BEE90-18A4-61E9-0100-000000002102}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e57|C:\Windows\SYSTEM32\ntdll.dll+78145|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+96a7|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1e10|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1fae|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+218d|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+2846|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+1d55|C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe+b45e|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x800000000000000058422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-18A7-61E9-0A00-000000002102}6001592C:\Windows\system32\services.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-3BA4-61E9-7A09-000000002102}11045876C:\Windows\SysWOW64\WScript.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\System32\windows.storage.dll+12427f(wow64)|C:\Windows\System32\windows.storage.dll+123f9f(wow64)|C:\Windows\System32\windows.storage.dll+123ce7(wow64)|C:\Windows\System32\windows.storage.dll+124cd5(wow64)|C:\Windows\System32\windows.storage.dll+123b11(wow64)|C:\Windows\System32\windows.storage.dll+125eea(wow64)|C:\Windows\System32\windows.storage.dll+1262f7(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1711b4(wow64)|C:\Windows\System32\SHELL32.dll+17108e(wow64)|C:\Windows\System32\SHELL32.dll+1ae43a(wow64)|C:\Windows\System32\shcore.dll+2fffa(wow64) 154100x800000000000000058419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.232{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath 'C:\'C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Administrator\AppData\Local\Temp\2\Nmddfrqqrbyjeygggda.vbs" 10341000x800000000000000058418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-18A7-61E9-0500-000000002102}392408C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.230{6F5BEE90-18A7-61E9-0A00-000000002102}600296C:\Windows\system32\services.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000058416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.229{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{6F5BEE90-18A8-61E9-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x800000000000000058415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+10f0e|C:\Windows\system32\lsasrv.dll+1e908|C:\Windows\system32\lsasrv.dll+1db31|C:\Windows\system32\lsasrv.dll+1c350|C:\Windows\system32\lsasrv.dll+2878b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-18A7-61E9-0A00-000000002102}600C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+1b8ad|C:\Windows\system32\lsasrv.dll+2878b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.216{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.131{6F5BEE90-1B0F-61E9-E500-000000002102}41763520C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.115{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9278(wow64)|C:\Windows\System32\KERNELBASE.dll+d7f5c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+23cbb2(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aaaa4(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1aa39c(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6635c16b19ad5b6c95a34cc4e7ec8e3\System.ni.dll+1a759a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4) 154100x800000000000000058402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.121{6F5BEE90-3BA5-61E9-7B09-000000002102}6308C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe1.22Run a program with different settings that you choose.AdvancedRunNirSoftAdvancedRun.exe"C:\Users\Administrator\AppData\Local\Temp\2\AdvancedRun.exe" /EXEFilename "C:\Windows\System32\sc.exe" /WindowState 0 /CommandLine "stop WinDefend" /StartDirectory "" /RunAs 8 /RunC:\Windows\SysWOW64\WindowsPowerShell\v1.0\ATTACKRANGE\Administrator{6F5BEE90-1B13-61E9-8513-0D0000000000}0xd13852HighMD5=17FC12902F4769AF3A9271EB4E2DACCE,SHA256=29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B,IMPHASH=563F92D1CB750F339006B11E53047050{6F5BEE90-3B87-61E9-7809-000000002102}4696C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" 10341000x800000000000000058401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.045{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.045{6F5BEE90-18AA-61E9-1600-000000002102}13241676C:\Windows\System32\svchost.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.045{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA4-61E9-7A09-000000002102}1104C:\Windows\SysWOW64\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x800000000000000059100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\LICENSE.TXT2017-11-17 19:46:18.121 23542300x800000000000000059099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\LICENSE.txtMD5=175792518E4AC015AB6696D16C4F607E,SHA256=58D1E17FFE5109A7AE296CAAFCADFDBE6A7D176F0BC4AB01E12A689B0499D8BD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\EC2HibernateAgent.PS12017-11-17 19:46:18.418 23542300x800000000000000059097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\Hibernate\EC2HibernateAgent.ps1MD5=5BE64E17926A062EB2DDD67E205F1EB4,SHA256=4A75ACC290E13416E24498BE3376D19AEE109E2B0A0E01F19AD31B24F0628336,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.977{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\cfn-bootstrap\library.zipMD5=6A276BFD1A0010A58FBE18A7AB93ABCA,SHA256=BE6EB5D2BE7F3436B2EEBD0E5C421404E847561E423CD5A96EA76DE0BBA51815,IMPHASH=420F1B1EBA5D9F1DE2CCC2B639E132CDfalsetrue 23542300x800000000000000059095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.941{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=718C3883A611693451A7A744E6F72AB8,SHA256=C331B0DDE3498A1EBB68C05116636B14F2510E61E501906B1DA99CF3C402C249,IMPHASH=00000000000000000000000000000000falsetrue 17141700x800000000000000059094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-CreatePipe2022-01-20 10:38:30.937{6F5BEE90-3BA5-61E9-8209-000000002102}3968\PSHost.132871487095042039.3968.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000059093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.926{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_xyhhn5xm.r20.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.925{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_142lv4j2.ywk.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.868{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C76DEABE403D57D2747EFEE33647929A,SHA256=6554F0296224ED5725B512B63DD044D76C9B609A64CFCF75722D212F6914F6F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.817{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E171838833D52E27A2DCDE3876DD0126,SHA256=F3EBF54CE764A27D62D155CB0310FB3A2717F23611F6D714A8C59C367460DB56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.816{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=3D198B14E3F4DE55EB59086CD3EA205F,SHA256=95A3124C83C88B51A50F3A3CC52DC5556C4BC6D209846080A07049C846792125,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.814{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=12C5169AF8A8EA209070EBD5F5227582,SHA256=B627B7576CAAB8B00D282F4C12B66E626E3CE58BDB256AB7199B4A6E82F935B7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\Temp\__PSScriptPolicyTest_142lv4j2.ywk.ps12022-01-20 10:38:30.810 10341000x800000000000000059086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.712{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000059085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.703{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+5460b|C:\Windows\System32\RPCRT4.dll+52cea|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\cfn-bootstrap\cacert.pemMD5=CC3D2CD6B035DC31B2614C1DF204848E,SHA256=6A4EEAFEAF28CC7750F5F7F6ED4F84D6F08DACB8AC151412332F732647694253,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.539{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\readme.TXT2022-01-20 07:59:12.964 23542300x800000000000000059082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.539{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\readme.txtMD5=3130C41D18F99B83D27C2A4083F1C047,SHA256=42AEB97DFD35B5352D3F79DC32911336EF59B6B38EE5571D3E2B09460365F5FD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.536{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\License.TXT2022-01-20 07:59:12.964 23542300x800000000000000059080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.535{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\License.txtMD5=DA110CDCADC141BEA8E32C64F7F80FE5,SHA256=72A99A393AFA877265D336CABB6C7BD762B12CB1FA210303AD61C125665D215B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-tw.TXT2022-01-20 07:59:12.964 23542300x800000000000000059078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.532{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-tw.txtMD5=ACFC57DE6B0E4489287BDAFE2062409A,SHA256=37C79297F8D4E491D681B556C23D957BC830068AE1D5F4535FD054C2233F3474,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.530{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-cn.TXT2022-01-20 07:59:12.964 23542300x800000000000000059076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\zh-cn.txtMD5=0AAE98F500CE669DA6A4FCC33AEA04E9,SHA256=7CF13E7434E6C062A29B964C026B2F66E75ECF541228665BF0C826EF7C0FE133,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\yo.TXT2022-01-20 07:59:12.964 23542300x800000000000000059074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\yo.txtMD5=698AF9267C08D61B712417491DA6A3BB,SHA256=FFAB6B91FFD2D3C2B1F7F431B47F7D28AA17A11587B876565613BB26C173402B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\vi.TXT2022-01-20 07:59:12.964 23542300x800000000000000059072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.522{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\vi.txtMD5=044531D134ACA40D5E57CC0AB96B4940,SHA256=3A6DCA3E1B5C8190C81FC859B5BE83EAF54EFDCAA148F4374D1225381083406F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.519{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\va.TXT2022-01-20 07:59:12.964 23542300x800000000000000059070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.519{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\va.txtMD5=639741F687D4427C9D3B170B1CED41A9,SHA256=F43C31BD959A752EEFBB7C76ED918C4CACD50D43706121C55093D72A638FA7A5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz.TXT2022-01-20 07:59:12.964 23542300x800000000000000059068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.515{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz.txtMD5=3035144EEA3A382E39541B218A5D813A,SHA256=A310044DBC86E2441F0D50BB7D7DADB9879359B0C6CEB1FAF413A0459E07045B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.512{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz-cyrl.TXT2022-01-20 07:59:12.964 23542300x800000000000000059066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.512{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uz-cyrl.txtMD5=7AFEDBD6E9EF3A4A2A99BC1BCB133605,SHA256=2DD421A44AD779D961C951F01E7ABF4AC358C61CE26EA8311A0C902B4FC77CA3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uk.TXT2022-01-20 07:59:12.964 23542300x800000000000000059064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.508{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\uk.txtMD5=D125EF7F9A009CFE4093152E48055AC1,SHA256=53235CB228DBBB5207F18BD0B318F54FDA9F9F5B05094EA6AC7AE368216CC4EF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.505{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ug.TXT2022-01-20 07:59:12.964 23542300x800000000000000059062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.504{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ug.txtMD5=EF3E8D61D03E42A3B40D6F0B12535ADB,SHA256=9D0268D1EEB8DFDEBBB8EA1033C2B99CD667A244C9859085BE5D54C9E5CED369,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tt.TXT2022-01-20 07:59:12.964 23542300x800000000000000059060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.501{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tt.txtMD5=6E299B81EDACF15FACE1271D032CC5A0,SHA256=18479D66E0C8B5144EA32CC9D6B58EB8748E80D2C3BDEC0DBD99BBC3AB42495D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tr.TXT2022-01-20 07:59:12.964 23542300x800000000000000059058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.495{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tr.txtMD5=C69BE29E4448A858180DAF367464D531,SHA256=4816929C4BB958CE8D64D14DF47F0B6A35DCF0E7EB88201EAA93AF541894E354,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.490{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tk.TXT2022-01-20 07:59:12.964 23542300x800000000000000059056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tk.txtMD5=75C23D0431BC83CA17308F08D1173C1D,SHA256=75EFF9DE596459F3EBA755B5C4C8CE635AF2CECDBAE40749DF348C97A2E56EE0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.485{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\th.TXT2022-01-20 07:59:12.964 23542300x800000000000000059054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.484{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\th.txtMD5=8EE06A03DC18E5F8BC750CB6A78F6D9C,SHA256=01E7B965BD4B722003F74B4E4B30EF6A1BAEA67108816D1B9F8D6ADD39C7FA10,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.481{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tg.TXT2022-01-20 07:59:12.949 23542300x800000000000000059052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\tg.txtMD5=4A5529986613CDF743B3F7755F8F5CAE,SHA256=1CEDD8F699940FECACACBC5DF093BA70FB2099FAF9864376A3D990DA78B8E075,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ta.TXT2022-01-20 07:59:12.949 23542300x800000000000000059050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ta.txtMD5=228CA6D7B8D850853233C4575A7EBF1F,SHA256=0A3B285566BBEB3F188B3C72BA21CBFC545EA05471EAB706E972C828DA5234E0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sw.TXT2022-01-20 07:59:12.949 23542300x800000000000000059048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.472{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sw.txtMD5=EE27959AEF24CEF2EC07684CF420B2DD,SHA256=AAEB1631458E448B678579CE369FD0A6D66E0FB02B9218328C537EE38636C557,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sv.TXT2022-01-20 07:59:12.949 23542300x800000000000000059046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.469{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sv.txtMD5=2EC8B6F0C0C05157AE90ABA540DEBED1,SHA256=54112B265EC01759ADBF72DC856FF0F9DBB2B3029EFF8A56DE08DFFC5D3DC954,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.466{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.465{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spl.txtMD5=FD327F424C7E4F23D2C018DED334A1B5,SHA256=D5A250B45BD51267E2B0D78CF60E7F14113419565F9B95C2B1113963396570A5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.462{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spc.TXT2022-01-20 07:59:12.949 23542300x800000000000000059042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.462{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sr-spc.txtMD5=FFD26304B9B5FAE8547703515E84460D,SHA256=283DD99EC8D13784B3D79C36766CDB16DAC0EDE0C1C09E8B1EFA64F5DC2C1A55,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.459{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sq.TXT2022-01-20 07:59:12.949 23542300x800000000000000059040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.458{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sq.txtMD5=F5C16D9111631A7280AE99C89D5BE4E3,SHA256=40A3FC08E4B2CA3D691C08B9382B2E9FA391F9123A0769052294D93BC2983734,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sl.txtMD5=7004B98D09316E84156B91C54888C9D4,SHA256=548AA8422A228617B30FBD448D03C38C3A11D010051A24544CF8AE479314ACD8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.452{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sk.TXT2022-01-20 07:59:12.949 23542300x800000000000000059036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.451{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sk.txtMD5=CA2B22D21945A478757A099EEAFDF9A9,SHA256=E571C0D87B50F4659099B4CA618057533C22578066E411C5CEB3DF8BE1E77CFF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\si.TXT2022-01-20 07:59:12.949 23542300x800000000000000059034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.447{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\si.txtMD5=2B78E18BCB07CB8D59D8682502576F8E,SHA256=3899EDD17A78BC729278304F7B0AE7750C422A5BA684AAC9EDC15B8527A229DA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.443{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sa.TXT2022-01-20 07:59:12.949 23542300x800000000000000059032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.443{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\sa.txtMD5=9FE4DA297163A84FE9D0B0289B1AF077,SHA256=A44E8C328BF809890AA6CA883E2CB82B6C5207D9636E9A91253DA4CD893668C8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.440{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ru.TXT2022-01-20 07:59:12.949 23542300x800000000000000059030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.439{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ru.txtMD5=B5CEC4D03D2D9E162137E475C54AFBC3,SHA256=AC73D4810639114C3269E3BEAEC84ECAC9473CA6FBC248D804A09DF2B33E4351,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.436{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ro.TXT2022-01-20 07:59:12.949 23542300x800000000000000059028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.435{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ro.txtMD5=E3EE837F02A1F6E4B2213EB36C025284,SHA256=F168BB4D026782134CC6C261006B815850E753A27FB47C4F23EE617666459A66,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt.TXT2022-01-20 07:59:12.949 23542300x800000000000000059026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.432{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt.txtMD5=E6F09B147CB07532C12E47B05CCF87B7,SHA256=55807ED90AE0D9216B93EC7E1D0571CB16D7F9DB40723581AEFC4EA829D4D182,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt-br.TXT2022-01-20 07:59:12.949 23542300x800000000000000059024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pt-br.txtMD5=7B02E1AE16E2E709D7C97DE560B4DBE9,SHA256=DA0B58F52BBC131F967942D1D8E9DE1B5721AE864BC21852A0AD4062332297CB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.425{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ps.TXT2022-01-20 07:59:12.949 23542300x800000000000000059022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ps.txtMD5=8F15262B3C1CF560B6352FAE4A5FDE21,SHA256=881B19DD1F74251E475855B8BDB53CE9AF1C3D2654A9331B069A3C273F723769,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.420{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pl.txtMD5=2CDF63E6B3F3A474465D0D88E5386718,SHA256=223C109301A7BBF01FC57C42609083B28E3FCEDEDC1F6E6DCDFDC8EC1580C51D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pa-in.TXT2022-01-20 07:59:12.949 23542300x800000000000000059018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\pa-in.txtMD5=6C48ED7DEBA6D3EFE6447BE948471810,SHA256=377F793EEDF3A935DDD6260D72AC3CADA9391AAFDF1F019D0BE72BE2B83A5DD9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nn.TXT2022-01-20 07:59:12.949 23542300x800000000000000059016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nn.txtMD5=366B85BF575444D20944DB387F94564E,SHA256=E6922E17B7622361BC4D07E76874A919E3095B477ED008986B94F84A931CB22F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nl.TXT2022-01-20 07:59:12.949 23542300x800000000000000059014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nl.txtMD5=54169E744254BB5A4182BCB2678F8479,SHA256=8A74F64C91C25DA6056B054D388BF1BBD97384AD7D0086F86DF0240E077C6149,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.405{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ne.TXT2022-01-20 07:59:12.949 23542300x800000000000000059012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.405{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ne.txtMD5=C7ED0560A6145A417B1E92546ED6B0F1,SHA256=C129F67193295736E1C1FF4AC7245CBD737A07EA6073B43FD22AC767F3D56E23,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nb.TXT2022-01-20 07:59:12.949 23542300x800000000000000059010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.401{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\nb.txtMD5=7071CABD6FB28CEEDDEAC8B934879855,SHA256=694481B64E223F9BDD0936F89138EF735CEB92AC962D9DD21682109BA81B9697,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ms.TXT2022-01-20 07:59:12.949 23542300x800000000000000059008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.397{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ms.txtMD5=91DA4B7D7CB3B5EB4304394E0C4CAAF2,SHA256=31AB339E581D0D13A43CADDE7C0D1E11CC03A6D8C92B91F8FE79963A6982DFF5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.387{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mr.TXT2022-01-20 07:59:12.949 23542300x800000000000000059006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.387{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mr.txtMD5=2E9FC42DBD17E30F8DB8205FA2D18543,SHA256=08B8F7FF35DD4315133E04FD17B6FB896D63B9C87040A2CC68A83E81EA4EFD78,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng2.TXT2022-01-20 07:59:12.949 23542300x800000000000000059004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.384{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng2.txtMD5=A0D06DC2B7F53ACD8CDEBF7864080CD1,SHA256=47BFE43F3F5A88A0F366FB317A542CDC1E216F8C368DDC67252480EDE7D130F4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng.TXT2022-01-20 07:59:12.949 23542300x800000000000000059002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mng.txtMD5=BA28C5C312D1A7827B40ED84F1F6F85B,SHA256=92898472C1DB5248B0556FB5BAFDA8090684249B561DE5EF2A84C10F2F4383CA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mn.TXT2022-01-20 07:59:12.949 23542300x800000000000000059000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mn.txtMD5=8756027ADF94B3CC3D6C42F0D3FB4AF0,SHA256=CF5245D17224F85011ED85062957DBFD936DD760A214980FC8F2EB69E6BA3CFC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mk.TXT2022-01-20 07:59:12.949 23542300x800000000000000058998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\mk.txtMD5=71D42ABE45803AC9C3DA5FCACF9CC59C,SHA256=78F5CB9345AB258CF745EAA90D44C7A7A73D3FE06EA182B1298A989135FFA11F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.371{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lv.TXT2022-01-20 07:59:12.949 23542300x800000000000000058996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.371{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lv.txtMD5=341CC2C7302AE8E91B286D9EFFF55693,SHA256=4DE5F75C5E05EC4FABFC2D266AE5B254F0C335C822523A0A7F7EDC60E35A5E0D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.367{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lt.TXT2022-01-20 07:59:12.949 23542300x800000000000000058994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.367{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lt.txtMD5=92D03523DD0E7E7B2862A6396ABAD455,SHA256=C5DA5B37BE32FA4CDD8B938D479C0327B84C9F83C948EB7E65F4DDC15A6BEEAE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lij.TXT2022-01-20 07:59:12.949 23542300x800000000000000058992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.363{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\lij.txtMD5=372BC4A26B676C48CF8FEFAB3711B91D,SHA256=431CAE1BB77633FDF3CE339E97BC5D5D885779DECC01ED03583E381F097A2487,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ky.TXT2022-01-20 07:59:12.949 23542300x800000000000000058990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ky.txtMD5=7D0420EE265C9122DC11EF964871E179,SHA256=4EF68FBD8AB002BBF4CD6D1C9FD6D87A5FDE048AFD2EF162B727259EB97D70D2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.356{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku.TXT2022-01-20 07:59:12.949 23542300x800000000000000058988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.356{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku.txtMD5=6E9A3E86335C08C15350BA91DF969269,SHA256=A00B21A87A58ADEFF29EA379160B6AE72DF5EC380F6E4C6A1BC352B6581FB4C4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.352{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku-ckb.TXT2022-01-20 07:59:12.949 23542300x800000000000000058986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.352{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ku-ckb.txtMD5=C90D029172A8533946EF7419BF383305,SHA256=19AF39960142B8599153A09EF4F03F944FC00999BEB9FE2399F5F8B236716EEF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.348{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ko.TXT2022-01-20 07:59:12.949 23542300x800000000000000058984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ko.txtMD5=55E8685AC21571F0B5F11A4D5FA088F9,SHA256=58A2DD10438C1199653C1BCD88C520DDB437FA8E01BCF311130ADA0A626151C7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kk.TXT2022-01-20 07:59:12.949 23542300x800000000000000058982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.342{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kk.txtMD5=F4C46B450A580AD5ABF0B638DCDCC6FB,SHA256=F2E6E55C102485E232DAAD00F68D8905F7A54F8AE2128DB6AFE25231C17ACD69,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kab.TXT2022-01-20 07:59:12.949 23542300x800000000000000058980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kab.txtMD5=C6AC7AAD8BCE83AC69F197DB9D4529F8,SHA256=B8A7A5182DFDACC9BACCB412E161C60864D3B5D30038935122C736AE4F4EBC22,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kaa.TXT2022-01-20 07:59:12.933 23542300x800000000000000058978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\kaa.txtMD5=DFBA5C2185E113EEF167A5E21C32DF76,SHA256=4D631602CE3D0C4D9162AF6BF56A90C8EEF75A24D556B729191B62F79ABA0681,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ka.TXT2022-01-20 07:59:12.933 23542300x800000000000000058976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.332{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ka.txtMD5=EB2AF4DC4C28275AE1876523944D708E,SHA256=B78DEFEC49D07120B74C2172F3E07540314771B16729C6BBFC3A1902ECE2EDA0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ja.TXT2022-01-20 07:59:12.933 23542300x800000000000000058974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ja.txtMD5=470B0CA449E9F34BB34244A7EF39441B,SHA256=B0150C2B3D2AD9B37A7F47A24466AEA4A56CED728CAF12D02B407FD0080602AB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\it.TXT2022-01-20 07:59:12.933 23542300x800000000000000058972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\it.txtMD5=87EFE148B443C6B50EAB945E27F9B39A,SHA256=DD0A9A9CE33D25A9F6C461A6E43721E975B8B1E189C3D5B81F1DAD0FF12870BE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.322{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\is.TXT2022-01-20 07:59:12.933 23542300x800000000000000058970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.321{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\is.txtMD5=F361950B7D1BB073EF48CA729B7ED5EA,SHA256=F4F9D6DFD36512F027452499B083AD0656DF6503CE03E4E4CC45B925F1F1D678,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.318{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\io.TXT2022-01-20 07:59:12.933 23542300x800000000000000058968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.318{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\io.txtMD5=DF8BD55B7A296DA48C8705E1D00BAD7E,SHA256=60EDA200D8D995626FDFB1D523F02A9AA538CE5E8EE5028B41293F615A9D451A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.315{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\id.TXT2022-01-20 07:59:12.933 23542300x800000000000000058966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\id.txtMD5=73B9F189F0C37D7CF37DF8DB89FB52AF,SHA256=18C4531E9FC00ED242F1C0526DBCD0A3D1ADA9BCFEE651AE950328AC872A216F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hy.TXT2022-01-20 07:59:12.933 23542300x800000000000000058964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.311{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hy.txtMD5=1362C3C286CFF992117D5466BBE284F6,SHA256=D8F60BF92541D20D01F6DDD56D49F25519303FD16E285E18080BE6815B74B8A8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hu.TXT2022-01-20 07:59:12.933 23542300x800000000000000058962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hu.txtMD5=EEBEA9C4E71A5D2820F5E8972822800F,SHA256=EF79E98FC911E0D0D16BD061A65F50F5E50CAA011699852E1608A2629B8BA37D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hr.TXT2022-01-20 07:59:12.933 23542300x800000000000000058960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hr.txtMD5=A0A8A75560EFCF15801C96E6D71BECC3,SHA256=A72F01215EBA3BE3AF6659129DD20F7A42D74F1DA08658A9C8CE8E303C3E8F64,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.300{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hi.TXT2022-01-20 07:59:12.933 23542300x800000000000000058958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.299{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\hi.txtMD5=A0FC3C3D880A54918D86B40FFDA12F23,SHA256=8CCE5E5A846196DAC3649483290160177F47D88A7DCF0E85ACFD3131856A266A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\he.TXT2022-01-20 07:59:12.933 23542300x800000000000000058956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.295{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\he.txtMD5=1B53819F8D58FD734B5FD985756B557C,SHA256=DCD061A0A7B29F55FA28D4396F60881836C2DF07CD936412C476A7F149540CC4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.291{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gu.TXT2022-01-20 07:59:12.918 23542300x800000000000000058954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gu.txtMD5=410C8A33C66B4B2BC707E113D9C76914,SHA256=9025D8A58E0C76B186C943EF8A73A1BBA6C08945E346DE14D3C255CCFA3A10E6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gl.TXT2022-01-20 07:59:12.918 23542300x800000000000000058952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\gl.txtMD5=492E51B4B5B287FE2B90A5F0BD433847,SHA256=54F676333CE58AF67B839B0F0470F99F405B5CE7FDB9C345A19D00B6423277E5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ga.TXT2022-01-20 07:59:12.918 23542300x800000000000000058950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.284{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ga.txtMD5=B4295E254B9DFC90E0093188257C007C,SHA256=406669ECBDF562E773B9CDF831CF5F63C3DD1A012C3521A41227C9141511D959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.279{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=E099A9CE19DDAC7415911FB2B94051F3,SHA256=7B7C29671AD33F7657F16ABECCE1144E5EE06EA34FEE9E2004DB7AF1EDAEFFE0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fy.TXT2022-01-20 07:59:12.902 23542300x800000000000000058947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fy.txtMD5=0111890C0137974FCE2D79B6D22E5686,SHA256=9FE460264AF4ABD9FF23EAB79387EBB52B4498758645CD5721E75FD7B747E536,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.278{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=924D2D6A0B078A9C1A854124DD8C65C5,SHA256=018287FDDD3595C0C9C5E6BE621D733989CC5077C499F3658ACA2B9F4954D29F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fur.TXT2022-01-20 07:59:12.902 23542300x800000000000000058944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fur.txtMD5=DFD698A0F6ED7BF405A8FDD6F33B2315,SHA256=FC944EAA7883341372EBD5EF0E2F236CA248B2996A902240A75218541B600E72,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.269{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fr.TXT2022-01-20 07:59:12.902 23542300x800000000000000058942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.269{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fr.txtMD5=B1B6E1C3CF5247EC1618A88F9853D54D,SHA256=CC283E9B0C1822F757372C21F179710C4592A2F7755E706C48065BCFE70BBA5B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fi.TXT2022-01-20 07:59:12.902 23542300x800000000000000058940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fi.txtMD5=7AC9D88F81AACEF8759E510E9601A4B9,SHA256=24D66C5733314F3F72B7CA0F5CEB5A3246726DDDEFCF2F033715188EDB062DB5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fa.TXT2022-01-20 07:59:12.902 23542300x800000000000000058938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\fa.txtMD5=952328B44391B1D4196DFE1F832A16A2,SHA256=05851BA54B24D7FD45179419AEE91A2D40BCAB62E6AAB99C1A92189FB636BBB2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.256{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ext.TXT2022-01-20 07:59:12.902 23542300x800000000000000058936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.256{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ext.txtMD5=F048977CDC74FF4D1F045FB3FD5D0118,SHA256=3CD8B8633FBC076EE07BF58DA6E01AB692DF461381A2BAD4EF5512C653DA46E4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.251{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eu.TXT2022-01-20 07:59:12.902 23542300x800000000000000058934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.250{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eu.txtMD5=29EC04893F6B2C9058A8F1E0BEAF9081,SHA256=536D93CA6D7C96D203B51333C4E78DE2429F78D32CC321461589626759C84127,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\et.TXT2022-01-20 07:59:12.902 23542300x800000000000000058932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.246{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\et.txtMD5=54D610C174514D0F60B382249885963C,SHA256=D3FC7E1DD6F0486C99997B75D9D8C5592DA6CFB9B89C3EC4F59E7BC5826B3456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.244{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AE2463D43E9B74716A19517CEE74BE0,SHA256=4B25236DDD5F4BB99908C5C454200030FA2DDA04BBB56AE9C935D0A6415AB037,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\es.TXT2022-01-20 07:59:12.902 23542300x800000000000000058929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\es.txtMD5=5A449308A0176D6401181BEF4AF13765,SHA256=7DDDAE25296F14C1F45AC032D9C950C3A8D39A41489F9D2B06000EDCFA7A6660,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eo.TXT2022-01-20 07:59:12.902 23542300x800000000000000058927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.237{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\eo.txtMD5=53BC9385D0EA9E7E601BBE9B2CD5E3CF,SHA256=D598733B1DD7FA37FD156348BC2BAE5549DBD6C709125D1D40F43EFF6BEC2445,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\el.TXT2022-01-20 07:59:12.902 23542300x800000000000000058925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\el.txtMD5=812DF218DAE08F9F883A7455015707B2,SHA256=CF90A21C69A13E0D674B6B74E2904F7D9D3BEE594D89862155D94105311F47A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\de.TXT2022-01-20 07:59:12.902 23542300x800000000000000058923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\de.txtMD5=40AE22F5BCBEAB6F622771562D584F2B,SHA256=06E5265A2B30807296480DC0B0D3A27E41F1381D61229E4EB239C4930D14A43E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.225{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\da.TXT2022-01-20 07:59:12.902 23542300x800000000000000058921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.224{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\da.txtMD5=D8ABA2DA47C1031832957B75A6524737,SHA256=F65026AE33D4302A7EF06A856F6F062C9730100F5A87D5C00FB3FEAF5FCD5805,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cy.TXT2022-01-20 07:59:12.902 23542300x800000000000000058919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.221{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cy.txtMD5=0F5662A68805D859F871EDC07E766A57,SHA256=931DE741A6C8F1348A946623776FE36C55DD2FC384C7B1478225F7467853199E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cs.TXT2022-01-20 07:59:12.902 23542300x800000000000000058917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.215{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\cs.txtMD5=641B90F9AEDFC68486D0D20B40F7ECA6,SHA256=87A4B9369FD51D76C9032C0E65C3C6221659E086798829072785BE589E55B839,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\co.TXT2022-01-20 07:59:12.902 23542300x800000000000000058915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.211{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\co.txtMD5=C76B8C615C11469D5F6DFF0ABF39171E,SHA256=5470B36A4A715DECA06035333A01E0A2899FCE1CF6C29A6ECE4C35CFCC843CFD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.208{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ca.TXT2022-01-20 07:59:12.902 23542300x800000000000000058913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.208{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ca.txtMD5=1657720023A267B5B625DE17BF292299,SHA256=ED8748DA8FA99DB775FF621D3E801E2830E6C04DA42C0B701095580191A700A6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\br.TXT2022-01-20 07:59:12.902 23542300x800000000000000058911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.204{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\br.txtMD5=C2EB67D788756BE5ECAA0A8CFB3D1E0B,SHA256=0F6BF6749C42C844980DB32EE56CADC987CE245EF650BC7D626D56468A7CBE6A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bn.TXT2022-01-20 07:59:12.902 23542300x800000000000000058909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bn.txtMD5=D0E788F64268D15B4391F052B1F4B18A,SHA256=216CC780E371DC318C8B15B84DE8A5EC0E28F712B3109A991C8A09CDDAA2A81A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bg.TXT2022-01-20 07:59:12.886 23542300x800000000000000058907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\bg.txtMD5=833AFB4F88FDB5F48245C9B65577DC19,SHA256=4DCABCC8AB8069DB79143E4C62B6B76D2CF42666A09389EACFC35074B61779E3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.193{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\be.TXT2022-01-20 07:59:12.886 23542300x800000000000000058905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.193{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\be.txtMD5=3C21135144AC7452E7DB66F0214F9D68,SHA256=D095879B8BBC67A1C9875C5E9896942BACF730BD76155C06105544408068C59E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ba.TXT2022-01-20 07:59:12.886 23542300x800000000000000058903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ba.txtMD5=D83B65AC086DA0C94D6EB57BEE669C2B,SHA256=2901B54F7621C95429658CB4EDB28ABD0CB5B6E257C7D9A364FC468A8B86BAAE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.186{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\az.TXT2022-01-20 07:59:12.886 23542300x800000000000000058901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.186{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\az.txtMD5=81B732A8B4206FB747BFBFE524DDE192,SHA256=CAEC460E73BD0403C2BCDE7E773459BEA9112D1BFACBE413D4F21E51A5762BA6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ast.TXT2022-01-20 07:59:12.886 23542300x800000000000000058899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ast.txtMD5=1F86AE235BC747A279C9E9EC72675CE4,SHA256=8FCD1B8CE6FED05F406C4B81AEA821132800BC494D3FD6F42A4258A81F8998EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ar.TXT2022-01-20 07:59:12.886 23542300x800000000000000058897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\ar.txtMD5=1C45E6A6ECB3B71A7316C466B6A77C1C,SHA256=972261B53289DE2BD8A65E787A6E7CD6DEFC2B5F7E344128F2FE0492ED30CCF1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.177{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\an.TXT2022-01-20 07:59:12.886 23542300x800000000000000058895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.176{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\an.txtMD5=BF8564B2DAD5D2506887F87AEE169A0A,SHA256=0E8DD119DFA6C6C1B3ACA993715092CDF1560947871092876D309DBC1940A14A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.173{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\af.TXT2022-01-20 07:59:12.886 23542300x800000000000000058893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\Lang\af.txtMD5=FBBE51ACB879B525CC6B19D386697924,SHA256=3793FB69EE9FD958CF15A272B1ED54E4B3D75592836EBCD085DC0E7B1400D1CB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.169{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\History.TXT2022-01-20 07:59:12.886 23542300x800000000000000058891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.169{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\7-Zip\History.txtMD5=D68C7D03873EB191F46BCC0CB6A89664,SHA256=5355372CAD5A5142BC7A0991BD84DBB751BF65A4C272E9C7EDDF48CEE79DD24B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ConfigureRemotingForAnsible.PS12022-01-20 07:54:50.096 23542300x800000000000000058889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\ConfigureRemotingForAnsible.ps1MD5=CBB522658DEF53FF775CF80FB8AFD328,SHA256=4B51CC6165414B2BF7A2F32CE161EB1029CDFD916EAFAC8AD7FFEF9418C37C2B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.160{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_manx_agent.PS12022-01-20 08:06:29.495 23542300x800000000000000058887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.160{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_manx_agent.ps1MD5=6AD07097CEA7A6CB6979C3AC69D8D72D,SHA256=1486E9F02BC766DFA0D120B156487E3C59B9AD85CA3157D833C62E4B83EC710C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000058886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_agent.PS12022-01-20 08:06:16.226 23542300x800000000000000058885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\caldera_agent.ps1MD5=9294487DA7B23C6DC47040B8AE6D4CEC,SHA256=3008ACD5FBB98120EAB50E5E7D008E2F28A5E1A63395B858287C550C95841BCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.121{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39830AE2E5ED10092562BA031897C9E4,SHA256=2DAABB6A47B808E6C24402A61D475B1053B6AD3A72046EDDCEA90C0E60ED4AD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000058883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.104{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\$Recycle.Bin\S-1-5-21-3390778582-3319667597-4011983492-500\desktop.iniMD5=A526B9E7C716B3489D8CC062FBCE4005,SHA256=E1B9CE9B57957B1A0607A72A057D6B7A9B34EA60F3F8AA8F38A3AF979BD23066,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.091{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA6-61E9-8509-000000002102}6432C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.091{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA6-61E9-8509-000000002102}6432C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.087{6F5BEE90-3BA6-61E9-8509-000000002102}64326912C:\Windows\system32\conhost.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.079{6F5BEE90-1B0F-61E9-E500-000000002102}41762952C:\Windows\system32\csrss.exe{6F5BEE90-3BA6-61E9-8509-000000002102}6432C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5179f 23542300x800000000000000058878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.073{6F5BEE90-3B87-61E9-7809-000000002102}4696ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-InteractiveMD5=D06F48411211A2CE42A58DC26126DC05,SHA256=DE4C5F1651647161E035AA83936EFB85E0C294E1ED7A135088360EDD9876C6DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.050{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.050{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8309-000000002102}6208C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.050{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7E09-000000002102}1216C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3BA5-61E9-7C09-000000002102}4792C:\Windows\servicing\TrustedInstaller.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3B87-61E9-7909-000000002102}5084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3B76-61E9-7209-000000002102}5796C:\Windows\system32\DllHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.049{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3AA2-61E9-5609-000000002102}92C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3AA2-61E9-5509-000000002102}3436C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-3549-61E9-A608-000000002102}2936C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D48-61E9-B407-000000002102}4080C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.048{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D48-61E9-B307-000000002102}5484C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.047{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D0D-61E9-AB07-000000002102}5532C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.046{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2D0D-61E9-AA07-000000002102}5544C:\Temp\hiew32demo.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.046{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2AC2-61E9-3207-000000002102}1112C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-2AC2-61E9-3107-000000002102}4508C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-269A-61E9-B006-000000002102}5572C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1FE8-61E9-D805-000000002102}2820C:\Program Files\Greenshot\Greenshot.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1D12-61E9-4D04-000000002102}6952C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.045{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBF-61E9-8B03-000000002102}6916C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBD-61E9-8503-000000002102}6656C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBC-61E9-8203-000000002102}4352C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBC-61E9-8103-000000002102}7052C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CBB-61E9-7A03-000000002102}3596C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.044{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1CB8-61E9-7203-000000002102}6636C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.043{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B26-61E9-1201-000000002102}5320C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.043{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B24-61E9-1101-000000002102}5640C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.043{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|UNKNOWN(000000000723424E)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5)|UNKNOWN(00000000070F4B75)|UNKNOWN(00000000070F485E) 10341000x800000000000000058848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.041{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B14-61E9-F200-000000002102}5076C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.041{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B14-61E9-EF00-000000002102}4972C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B10-61E9-E900-000000002102}996C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1933-61E9-9400-000000002102}2916C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-1B0F-61E9-E600-000000002102}4164C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18CD-61E9-7700-000000002102}484C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.040{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18BB-61E9-4800-000000002102}3776C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18BB-61E9-4700-000000002102}3764C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18BA-61E9-4000-000000002102}3560C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B9-61E9-3500-000000002102}3304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-3100-000000002102}2692C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-3000-000000002102}2372C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2F00-000000002102}3024C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.039{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2E00-000000002102}3016C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2D00-000000002102}2992C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2B00-000000002102}2976C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.038{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2900-000000002102}2920C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B8-61E9-2700-000000002102}2904C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B7-61E9-2600-000000002102}2772C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.037{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18B3-61E9-2300-000000002102}2608C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AF-61E9-2200-000000002102}2500C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AF-61E9-2100-000000002102}2492C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 23542300x800000000000000058823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_u42uo2ui.03x.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.036{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AB-61E9-1F00-000000002102}2140C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1700-000000002102}1428C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1600-000000002102}1324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1500-000000002102}1264C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 23542300x800000000000000058818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vu33ljna.45p.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000058817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1400-000000002102}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1300-000000002102}336C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1200-000000002102}352C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1100-000000002102}480C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.035{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-1000-000000002102}356C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-0F00-000000002102}344C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18AA-61E9-0E00-000000002102}984C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A9-61E9-0D00-000000002102}888C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A9-61E9-0C00-000000002102}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.034{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A7-61E9-0B00-000000002102}608C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 11241100x800000000000000058807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.032{6F5BEE90-3BA5-61E9-7D09-000000002102}4800C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_vu33ljna.45p.ps12022-01-20 10:38:30.032 10341000x800000000000000058806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.031{6F5BEE90-3B87-61E9-7809-000000002102}46966652C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe{6F5BEE90-18A7-61E9-0900-000000002102}548C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6ae8(wow64)|UNKNOWN(0000000006961843)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+f066(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+1230a(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27791(wow64)|C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll+27896(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+408589(wow64)|C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b0d4a8e8efb07150abb5e70e313bc814\mscorlib.ni.dll+40809a(wow64)|UNKNOWN(00000000070F7050)|UNKNOWN(00000000070F6BD4)|UNKNOWN(00000000070F5F69)|UNKNOWN(00000000070F5783)|UNKNOWN(00000000070F436A)|UNKNOWN(00000000070F42B6)|UNKNOWN(00000000070F25A5) 10341000x800000000000000058805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.997{6F5BEE90-1B0F-61E9-E500-000000002102}41764072C:\Windows\system32\csrss.exe{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000058804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.997{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.997{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.996{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000058801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.996{6F5BEE90-18A9-61E9-0C00-000000002102}8283272C:\Windows\system32\svchost.exe{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000031801Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:30.736{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D985F1EAD1C5B0D77426C78C3B5F7708,SHA256=C974D490FCB55D3179E1D6F5AD65D517BDC4037F3136A2EE29C135E51CB88DF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.983{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hr-HR\mpuxagent.dll.muiMD5=D6F9AFCC916DBED55F85C92AD37789E0,SHA256=8FEB606A96406D9D577FED85746CABFC2BD732E4E69FA6E672FAAEE368C33901,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.983{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_ie.msgMD5=30E351D26DC3D514BC4BF4E4C1C34D6F,SHA256=E7868C80FD59D18BB15345D29F5292856F639559CFFD42EE649C16C7938BF58D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.980{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74BD56118F172647D50F93BEF2F9C8C6,SHA256=F6A17B1BBAFF703E9E2F3C6091C14B1A3DA7ED8B5494B539AC8AE20BD628AAC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hr-HR\MpAsDesc.dll.muiMD5=2070095BD1B455178CF0308064EA9E03,SHA256=7D0A7E01D342D95CEE088D0406B54D38478DD2B717DF1E46BA8F9D33F0F36D65,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_hk.msgMD5=27B4185EB5B4CAAD8F38AE554231B49A,SHA256=C9BE2C9AD31D516B508D01E85BCCA375AAF807D6D8CD7C658085D5007069FFFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_gb.msgMD5=07C16C81F1B59444508D0F475C2DB175,SHA256=AE38AD5452314B0946C5CB9D3C89CDFC2AD214E146EB683B8D0CE3FE84070FE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.932{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hi-IN\mpuxagent.dll.muiMD5=52D701C3D270A2783E89EF8711ED4383,SHA256=4EC411DDEE07C86BBA7F9342A2AA57233EE6903AD4EFB7DE0EC35FD701708CF4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.932{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_ca.msgMD5=F9A9EE00A4A2A899EDCCA6D82B3FA02A,SHA256=C9FE2223C4949AC0A193F321FC0FD7C344A9E49A54B00F8A4C30404798658631,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\he-IL\mpuxagent.dll.muiMD5=E4E9EFAB27C62A9D23047178AFC9A83C,SHA256=1D409D392501FF2F8C33719F614B19CDBCF37DD582E643FE94B73AA26FA67BF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_bw.msgMD5=ECC735522806B18738512DC678D01A09,SHA256=340804F73B620686AB698B2202191D69227E736B1652271C99F2CFEF03D72296,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.909{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_be.msgMD5=A0BB5A5CC6C37C12CB24523198B82F1C,SHA256=596AC02204C845AA74451FC527645549F2A3318CB63051FCACB2BF948FD77351,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.907{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\he-IL\MpAsDesc.dll.muiMD5=27268B44DE213002D6C564F0649D5884,SHA256=D1CC6105357A902F8246087E6339293F45EA0F4B64818B33BFD789087B05A159,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.894{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_au.msgMD5=F8AE50E60590CC1FF7CCC43F55B5B8A8,SHA256=B85C9A373FF0F036151432652DD55C182B0704BD0625EA84BED1727EC0DE3DD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.885{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\el.msgMD5=E152787B40C5E30699AD5E9B0C60DC07,SHA256=9B2F91BE34024FBCF645F6EF92460E5F944CA6A16268B79478AB904B2934D357,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.885{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\gu-IN\mpuxagent.dll.muiMD5=F86C2F189DDA9D4108B3FDB79D5810D0,SHA256=768F2C4ABC1D699534336D1EBDCBF91A1161C225997F77F500B45D536FE7606B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\de_be.msgMD5=A741CF1A27C77CFF2913076AC9EE9DDC,SHA256=7573581DEC27E90B0C7D34057D9F4EF89727317D55F2C4E0428A47740FB1EB7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.873{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\gl-ES\mpuxagent.dll.muiMD5=22E9CD2195300F874E22D56F229BE641,SHA256=D7A9C4A0DB73D912AAEDF82B356746E0962D8737ED57B99FBED757ADFC569D97,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.872{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\de_at.msgMD5=63B8EBBA990D1DE3D83D09375E19F6AC,SHA256=80513A9969A12A8FB01802D6FC3015712A4EFDDA64552911A1BB3EA7A098D02C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.852{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\gd-GB\mpuxagent.dll.muiMD5=41145004FF8DD45A36D5CD7858D087D1,SHA256=32C4F684C3CDD43275402E451868C92B492A2A1A0E7766271F32F85FBF8D4A07,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.844{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\de.msgMD5=68882CCA0886535A613ECFE528BB81FC,SHA256=CC3672969C1DD223EADD9A226E00CAC731D8245532408B75AB9A70E9EDD28673,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.843{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ga-IE\mpuxagent.dll.muiMD5=946C26A01CE0B43BCE855766D8A2FBDA,SHA256=0B65D0F9B5E6F8EAD3F0F5DF10D7D5C4054E7F8AE2CA063075337EA33F44424D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.840{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\da.msgMD5=F012F45523AA0F8CFEACC44187FF1243,SHA256=CA58FF5BAA9681D9162E094E833470077B7555BB09EEE8E8DD41881B108008A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.836{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\cs.msgMD5=4C5679B0880394397022A70932F02442,SHA256=49CF452EEF0B8970BC56A7B8E040BA088215508228A77032CBA0035522412F86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.835{6F5BEE90-3BA5-61E9-7D09-000000002102}4800ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.832{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\ProtectionManagement.dll.muiMD5=C341F1BAB98F727E1EA335C60C74D688,SHA256=C3410C3E57AC4B396F4D660D2B069998FDDAC50FA7F595C38F200C9B204182EF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ca.msgMD5=9378A5AD135137759D46A7CC4E4270E0,SHA256=14FF564FAB584571E954BE20D61C2FACB096FE2B3EF369CC5ECB7C25C2D92D5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.828{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\mpuxagent.dll.muiMD5=23C5A9CECD33866C21A7B070E3416BBA,SHA256=69E95CF187C3FD04A40F1C7F0458AC091FDD6A4C51F91AEAD972EF60B8BC9A1F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.822{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\bn_in.msgMD5=764E70363A437ECA938DEC17E615608B,SHA256=7D3A956663C529D07C8A9610414356DE717F3A2A2CE9B331B052367270ACEA94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.822{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\MpEvMsg.dll.muiMD5=355210542B63AEF819AF79C277934A80,SHA256=70B660D64AB8266452B7273D938F9AC15626A4E1BB2D81049A3A84FA1F608AD9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.819{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\bn.msgMD5=B387D4A2AB661112F2ABF57CEDAA24A5,SHA256=297D4D7CAE6E99DB3CA6EE793519512BFF65013CF261CF90DED4D28D3D4F826F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.818{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-FR\MpAsDesc.dll.muiMD5=44B5E862B194D925A5ED71A1BEFC7F21,SHA256=09DDB691F5E89918D3F92F34599BEB55DEBF83057B51DAE49ECDE57E865C28A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\bg.msgMD5=11FA3BA30A0EE6A7B2B9D67B439C240D,SHA256=E737D8DC724AA3B9EC07165C13E8628C6A8AC1E80345E10DC77E1FC62A6D86F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.812{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\be.msgMD5=1A3ABFBC61EF757B45FF841C197BB6C3,SHA256=D790E54217A4BF9A7E1DCB4F3399B5861728918E93CD3F00B63F1349BDB71C57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.811{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-CA\mpuxagent.dll.muiMD5=CBF02EF073E0A7E07C4C59C4FBEF8C72,SHA256=D8E1C88B12FA699ED1444022726AADB2464334CA00D9895EFC45A56864594DC9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.809{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_sy.msgMD5=EC736BFD4355D842E5BE217A7183D950,SHA256=AEF17B94A0DB878E2F0FB49D982057C5B663289E3A8E0E2B195DCEC37E8555B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.807{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fr-CA\MpAsDesc.dll.muiMD5=7449A7FA39DE266A5DA058FA94933C1E,SHA256=E5E4519B6F9EC15AFD5E1C1B8DF028741239B91DE7D0180856D0B51D57E37DE0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.801{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_lb.msgMD5=3789E03CF926D4F12AFD30FC7229B78D,SHA256=7C970EFEB55C53758143DF42CC452A3632F805487CA69DB57E37C1F478A7571B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.798{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fil-PH\mpuxagent.dll.muiMD5=DB490CD5090EB998C109D4F6C9F6B914,SHA256=FC43DD264BE0FE99AC8E2D18B740EC0B73561582266D02D83EC1A47B175D4732,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_jo.msgMD5=4338BD4F064A6CDC5BFED2D90B55D4E8,SHA256=78116E7E706C7D1E3E7446094709819FB39A50C2A2302F92D6A498E06ED4A31B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.789{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fi-FI\mpuxagent.dll.muiMD5=2951324A4D9633A4A8920464A73DA9CE,SHA256=97EF042D4E86CC9E9808A75D2E139163FBDE643AF128C4F7EF0E9623AAFFEBF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.782{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fi-FI\MpEvMsg.dll.muiMD5=7072A9CB63B9CB656A956520202F7CF9,SHA256=09BE50B13ECC453C1ECC58DD010E571203F21C54A07D0378E9F38E21C71F3596,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar_in.msgMD5=EEB42BA91CC7EF4F89A8C1831ABE7B03,SHA256=29A70EAC43B1F3AA189D8AE4D92658E07783965BAE417FB66EE5F69CFCB564F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fi-FI\MpAsDesc.dll.muiMD5=F2D957706D1265AA7B251713A3220A20,SHA256=77D9FD696576B30926E34F7695151F88211223C8554614F77EB0F9D7E7F440B8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ar.msgMD5=0A88A6BFF15A6DABAAE48A78D01CFAF1,SHA256=BF984EC7CF619E700FE7E00381FF58ABE9BD2F4B3DD622EB2EDACCC5E6681050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.750{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\af_za.msgMD5=27C356DF1BED4B22DFA55835115BE082,SHA256=3C2F5F631ED3603EF0D5BCB31C51B2353C5C27839C806A036F3B7007AF7F3DE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.749{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\fa-IR\mpuxagent.dll.muiMD5=2B63BA7C3221EF6A93F9C2619E2C8A84,SHA256=DE20279D35B8D326D76479B3FF7DBE7A61173FAF3D449058070542D9D58CB6A2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.748{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=3F23528A1C9705B9A060D35722BE51ED,SHA256=73EA4728C7D1C3094676C6BC97E4AF046D8C3DE237B0F6CE1F42F5447B342F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\af.msgMD5=3A3B4D3B137E7270105DC7B359A2E5C2,SHA256=2981965BD23A93A09EB5B4A334ACB15D00645D645C596A5ECADB88BFA0B6A908,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.737{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\eu-ES\mpuxagent.dll.muiMD5=5B10AF1242CA7F648B490741F2DF8520,SHA256=AA5C7A32CE883F00D45F4AEAE72DFE705AE507181CC2CE689BF2426740EF2B83,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.730{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF18C54A2811CC4E946680CAE6BF63EB,SHA256=072EA1E1DDA46B1ADA897EDD4849ED14ECAB309F4C122429D6AC11D965F87FE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.728{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\et-EE\mpuxagent.dll.muiMD5=FB98D0BE2991E0FE20A069D56CD23B42,SHA256=ACC123176D10917CDF790A10081628D31E7AACEC9C8ECDC97A44E3A6E3C25080,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.723{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\python3.9\site-packages\libxml2.pyMD5=6D64AFB0DFED5D3D2BB1CE44AA354415,SHA256=75EB729EAEC55D0605281CF95D0B9EA5F789682062F6212D451BB67E55D4B286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.720{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\et-EE\MpAsDesc.dll.muiMD5=97EDA100F26EAF8E95056AE742554177,SHA256=A326D66D07ED074A9494E53193584BB675C29CA70198A14C9ADBA3CE8CBC3BBB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-MX\mpuxagent.dll.muiMD5=D69771B02DB93D6F6E8A343978F499A7,SHA256=9FCBDA0A30314F5A45CB005475AC90FFDC60585EF7816CBE691544F1E2299BA1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.712{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-MX\MpAsDesc.dll.muiMD5=D1CBA62B76E5E851B8922EABFF2DEF6D,SHA256=1F9767C1C1EFE0C4D19D0F22C8FA6ADB60E4E88013CF8112D0BC60608EDDEE5C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\python3.9\site-packages\drv_libxml2.pyMD5=E7A27833223ACE01915682066108EC20,SHA256=A5E89415342706AC6F6060034DE1E3746D3E3599C205A01331432E7F5C604716,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.699{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\ProtectionManagement.dll.muiMD5=1933FC68D4038B5431F7CB7AE468F393,SHA256=961DF898ABCAC1F2911002445BFC624327BC153874D5E3E7556E467B360A55E2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\pem\tls-ca-bundle.pemMD5=90305734BC747686902A268B5492C280,SHA256=533425A9055CC8D17A5C05B04454DDB5EC45F0C8E7F05D2F035866154C62B8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.695{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\mpuxagent.dll.muiMD5=2FDE66202B0916607183D62E68CFB1B5,SHA256=AF712FBC07C22C3950C81F0F207EC5CB078591E16857DE6373ACDE71B814305E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.690{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\MpEvMsg.dll.muiMD5=1CEB1C751D2CF63A0856B30A74486565,SHA256=4421F31079246BD5A8B2C76B305BD88251DE81DAA0DBFDC393ACE55198B58F34,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.687{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\pem\objsign-ca-bundle.pemMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\es-ES\MpAsDesc.dll.muiMD5=B6A28B3D905B28545AC4EC448846C6F4,SHA256=89404202E75E8D03AF2458906D9622C7ECD43F4B30180B079B143B77EA6BA6A4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.677{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\pem\email-ca-bundle.pemMD5=5F1387A78748BE52694097E69547ED3D,SHA256=55A92E2F83086FD553A22BEEEDA1CEA75347EA8673C5CEEB4A67746285DB9558,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.673{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\ProtectionManagement.dll.muiMD5=57DD5DCD626332FA892BF1526D09C1D9,SHA256=385171BD15127FB8546EF4378CBEA2BF25F5063E6E731DFEB4EF868829FB25B9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.670{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\mpuxagent.dll.muiMD5=FEA5726C8962F98A3601E47EADB5A3E9,SHA256=FC18C509866893EB03BC82F49C0EF07C344640CF8D6FA3963247ABB7521A4A56,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.669{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\etc\pki\ca-trust\extracted\openssl\ca-bundle.trust.crtMD5=9929D5928DD5ABE2935460B871355976,SHA256=53E2BE799A5716D4BD7F17A4D9C7D217D79902AD151617BAC035E2B9BADBB0AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.667{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\MpEvMsg.dll.muiMD5=0D87F3932078B4049523B8CDD3EE5692,SHA256=46022C8F7CC601BF73D231C213612BFAED0E95A76BC510DA08B7323EC1CCB2EE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.639{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-US\MpAsDesc.dll.muiMD5=BC78A3B5260E268C292724EA573194F9,SHA256=2C4B8F48370B6ADEA49A21F2D89F2400E54C3EE937120152B50A94FFE5F5F7A9,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\LICENSE.TXT2022-01-20 07:58:58.585 23542300x800000000000000059169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.625{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\LICENSE.txtMD5=7C0D7EF03A7EB04CE795B0F60E68E7E1,SHA256=5B2198D1645F767585E8A88AC0499B04472164C0D2DA22E75ECF97EF443AB32E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-GB\mpuxagent.dll.muiMD5=DD65190763621E8E1B642A4305D5E801,SHA256=8CBEC55311F2B7234D1FBD9C46AB6CF33A165610960132FE73C19FF725579658,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\en-GB\MpAsDesc.dll.muiMD5=8DE66C308CA2A9340CC9E84F753FAA56,SHA256=AE6A41CA40A926287BCC94503AC9AD42568D6BB62B4CF2DF60F0599FA9E988FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\pem\tls-ca-bundle.pemMD5=DAD3BF974463F0084D3BFE93B5D1819C,SHA256=E3E8744818327496A1990E273235CDA1A36E0FA13A57D96AA17C1C8C33C04023,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\el-GR\mpuxagent.dll.muiMD5=222D67D112493530069E47CD64364BAF,SHA256=B6E4B5BF805802069890DF5FD769D48F370620E607809E48E233C78EFE6F90F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.609{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\el-GR\MpEvMsg.dll.muiMD5=9B6F194F0D0EB1ED21B000E07B0CBDCD,SHA256=E1A7E2391FFF39162293DD3AE201ADC393D8CC91E83A4B33C2C9A089EE69D203,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.594{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\el-GR\MpAsDesc.dll.muiMD5=53B61803FB8BDC469ED5D04FB8983233,SHA256=BE1609A94963D07A591C7D38947B28AE79A9D070385E70BD594A1DBD6DF7EB31,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.594{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\pem\objsign-ca-bundle.pemMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\pem\email-ca-bundle.pemMD5=1A9E87A0C9CE7347C12AEB1C4B2E31F3,SHA256=99067FBB3DE75D631A67CB0C0FAD11248E0FA080543386F1C02A2AED9F14F226,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdNisDrv.sysMD5=9C4361259D5F0D7A36A10BD28D000F90,SHA256=7445476DE9BAB0D9C975DBDF63BD928D7E3139DF3FC69463BF08897E3B087575,IMPHASH=B2232D76DB16949062B092AC66B306E5truetrue 23542300x800000000000000059159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdFilter.sysMD5=B6C6FFC05B52D2F8A433DD12C3A11D30,SHA256=666259E830F5EAC0707B2D957944B7468FA645271C60B8EA54E5130B8336D1F6,IMPHASH=D148E8A715DE2CD7B90529132F014544truetrue 23542300x800000000000000059158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\pki\ca-trust\extracted\openssl\ca-bundle.trust.crtMD5=9C7D35DE9807C2BFE86C18AE1013B2F2,SHA256=9B72D3B397D25707950987F4C780EE04347F387A8936656E00CA05DA39C98803,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdDevFlt.sysMD5=26B890C2237E48DAF8B9B901EBE7A0C1,SHA256=B1D793E12DBF2CE5197960454F0A5AE6C93703FA5BF2D7622EC0FDFBAC183211,IMPHASH=61C274FC875F096B5217A7AC611C5557truetrue 11241100x800000000000000059156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\package-versions.TXT2022-01-20 07:58:39.460 23542300x800000000000000059155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\package-versions.txtMD5=D349E83A7A077DEEC917AEBCDEBAC6CA,SHA256=8431664A3F0B771C80D5BB11ACD2A80EDC01FAA6C484D6A90837C7DC2AE34344,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\install-options.TXT2022-01-20 07:58:58.663 23542300x800000000000000059153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Drivers\WdBoot.sysMD5=1BF7CF2DBA97C71FF1876F0DE67421C3,SHA256=B946398AB34EF5BF16DC3461D32261664760C0F86E8A281BCD90361A170E27FD,IMPHASH=4B7A0029980F4F757F052F90FE2D4610truetrue 23542300x800000000000000059152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\install-options.txtMD5=7C2A76AF7C79FE51F8156BD1C0189AB2,SHA256=88CA6FF41B5BCFB27CD2735BD5DF588DB9C5C9F82F65B10A032BDA001797E8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\etc\docx2txt.configMD5=A9E573C74B430F619A2E282BAC850555,SHA256=47CB8C83799B40B01DD4EEB3F3293C438CA4A869FE98D5556FAB85F8545993B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\ProtectionManagement.dll.muiMD5=381A9FC19B05718037AA3A552715C54F,SHA256=EA4DDE3088A05BA4A894FB81A8ABF0769DB0A8F79F9D1E5E96BEB916610710C4,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-pageant.CMD2022-01-20 07:58:39.522 23542300x800000000000000059148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-pageant.cmdMD5=FE57499D10C5FD319BCE323AAC321F71,SHA256=80B0B11EFE5A2F9B4CD92F28C260D0B3AAD8B809C34ED95237C59B73E08ADE0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.527{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\mpuxagent.dll.muiMD5=16C6FFA34E0C59EE77F916EBF9148AFC,SHA256=6EE8E608A103E991460B51D87AEFCA126EC8744642559B536F70330A848CFB08,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-agent.CMD2022-01-20 07:58:39.522 23542300x800000000000000059145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\cmd\start-ssh-agent.cmdMD5=0237D6B0CAC0980ABD035E0AF2959E36,SHA256=F16B345ABA17ACD124AB5940635DFA2D87445DF73EEDBEB80E0285F29C85415A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.478{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\MpEvMsg.dll.muiMD5=7AF483C2AFFDD95213DDDC495D001DC0,SHA256=155EC9FBBE052BCCF189B89EF0F802DA48547D107A26A9E342BF9A23B4F1ADFF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\desktop.iniMD5=6383522C180BADC4E1D5C30A5C4F4913,SHA256=4705BA6793DC93C1BBE2A9E790E9E22778D217531B1750471206FD5C52BBD2B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.447{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\de-DE\MpAsDesc.dll.muiMD5=FF00B121B166AB8E4857EABE4AAB9BCC,SHA256=9285FDDC5E40919E750A95C255588332876547495F6E245BAD983D612DAA4704,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.431{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\da-DK\mpuxagent.dll.muiMD5=C63C9C4C55D3B4172BADC2FB45014D5D,SHA256=88346BDE6D5FC1C0CADFA5755944F466F8960C9CC17A5339851A2BAD42376C70,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.422{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\da-DK\MpEvMsg.dll.muiMD5=849192FB21F761073C9ED4A3F5BD4688,SHA256=1EAC8A8C05B8AAFB4505A7828D7E7F98567BD0C71DEE4E08AF467F31D34A9828,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\da-DK\MpAsDesc.dll.muiMD5=BB1447340673FA9F6B96A9987290F278,SHA256=A166D52AA0AB379DE33CF5796A5B1861246A36BB8B17D8C87E0F0529338C0AC3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.407{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cy-GB\mpuxagent.dll.muiMD5=CF1FB8FA2725C2DC530AE045F1ED8A6B,SHA256=EEB5D85389F768042AFEB2B1203BCC151069F53DAFED28DB404122013041241F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.403{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cs-CZ\mpuxagent.dll.muiMD5=FFE6628B2AD343CDA7FDFEF38B84B48C,SHA256=B5E81F2E96B81367B16D77BDB21FF45C92B880DF501AD17FEE4F8B1E756C636D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.401{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cs-CZ\MpEvMsg.dll.muiMD5=C40C173214A061E8BCDF28F6328CAD40,SHA256=17B281694628800A6B1541826B912F8FF0788D171A900F6DF4BA8A6AC01B3A46,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.397{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\cs-CZ\MpAsDesc.dll.muiMD5=71EA670E1886321DDDDF005D7B47A7FD,SHA256=BC031DC51AE7128AEE1ADCCDA0F7ACC9EB3BBE8DE121B206B0E9801E956F82B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.392{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ca-ES-valencia\mpuxagent.dll.muiMD5=C9E9AE82C7782DC0E66BFE5EFEFF336C,SHA256=CA202FDD69FB81DBF24708D144E942FC10ACCFA4703BE979AAD55FD88B62E7F6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.389{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ca-ES\mpuxagent.dll.muiMD5=0EC7F6A6BDC86183AA58893F948989A2,SHA256=02FC3320529F9A51D88030CE7C03AC3A62517B8141768FE001B995DCFBB202F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.385{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ca-ES\MpAsDesc.dll.muiMD5=D2A485200AE94654A45301149D87A8A1,SHA256=9164442B33BAA1DAAF4609189D8169CA9DFA67BB673683F66A49ED9145DA7585,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.385{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Common Files\microsoft shared\Stationery\Desktop.iniMD5=6BD5FB46283AA48E638BEF47510C47DA,SHA256=44FE5EEBD80E46F903D68C07BCF06D187A3698BF3953BC58BB578465E2E0FE6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.381{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bs-Latn-BA\mpuxagent.dll.muiMD5=6C4B5C9E187A6B13C39FAA41C742EDD6,SHA256=9C776358CD7A47CCBA26F992472A0A739C6F0C152B89B5AEDDCACA8AC43684F0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bn-IN\mpuxagent.dll.muiMD5=231D5D0EC76C7498E5A94E120943699F,SHA256=1807A40E971F9A586671F144CFB34404D2AFAA027EC9E670E323BA70577FC9E4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.375{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bg-BG\mpuxagent.dll.muiMD5=6275E196D18A7E2E298B30AF3ED5C880,SHA256=06B162090901AC0604283E1CE2EC1928E0A7C651332C3E7BE593E438DB02AC88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.372{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\bg-BG\MpAsDesc.dll.muiMD5=DDFB72494C7DAB2C2DCBBF58F1384BB8,SHA256=7E28FA6FC9DD05652F3DDCC4B9BC54469DD44995EC69EF149B9477B4C0CE53D6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.368{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\az-Latn-AZ\mpuxagent.dll.muiMD5=06A297C9B8293DA4AC3B56D304874F2A,SHA256=C5D1763D4F042FE777BB02E47E26F76EC9008AF689679BDA6480E1541A1158BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.366{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\as-IN\mpuxagent.dll.muiMD5=D359F26A958650D3B5A28495DC39D409,SHA256=F2A33F57BED6013E9850AB150C83577862DE7FADA3CAA1C87C94100F486D92A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.362{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ar-SA\mpuxagent.dll.muiMD5=53F858DC25ADF3684E7E025277A57023,SHA256=D57524C7B0D7FE779DC3803F041C341F818381E19703D32BAA988F1697D1175C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.354{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ar-SA\MpAsDesc.dll.muiMD5=628870D988EFBFC39C06E7BA62495FFE,SHA256=161D58719676884DB3BDFEA9A5770A55EC7BEBE839D97B6ECA3D20EC5A3D6B2D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.354{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\Sysmon.zipMD5=AAFD6A6773A693214BFD475E764A75B5,SHA256=113AC251472E6648DC99C31E5A9D5BABF448B40A9AA71881B2EA2BC169E122D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.348{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\am-ET\mpuxagent.dll.muiMD5=F5F731716CA6C6CEFF57DEE03EB33376,SHA256=A2E33041860906CEF0BCE5B2F3FD2AF88E3DB61E97FF9EB16D650CAD1F69F708,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.342{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\af-ZA\mpuxagent.dll.muiMD5=2A54A6EFE0D70D2F8120E4F9AE10F2AE,SHA256=F90B4913826DA577A68006FC7211E2390534BE9639934AFC5A375436373B1C71,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.337{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txtMD5=F49BC2F27AC3DEB9807126CD604B494E,SHA256=349E4C7475FB5E7F590E7B622543F0498E185EA4A8749183B3830A6BF643C46E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000059118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.998{6F5BEE90-18B8-61E9-2A00-000000002102}2964C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-53.attackrange.local65421- 354300x800000000000000059117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:29.540{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52444-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000059116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.321{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\sysmon\Eula.TXT2022-01-20 08:06:57.815 23542300x800000000000000059115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.320{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\sysmon\Eula.txtMD5=8C24C4084CDC3B7E7F7A88444A012BFC,SHA256=8329BCBADC7F81539A4969CA13F0BE5B8EB7652B912324A1926FC9BFB6EC005A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\ansible\AttackRangeSysmon.xml.bakMD5=B5AB4D6F9CA17BD5762726F3AE978416,SHA256=6DAC889080B8F081C9FF3F2C009FE4F3D8C39F08021CE169F17A92B43FF812D7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\PreparationText.RTF2022-01-03 22:28:18.000 23542300x800000000000000059112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.297{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\PreparationText.rtfMD5=74FEC71288E7374507FF15CB0697B6C5,SHA256=AC9001E712D16AE4091019A513061730A7AFF7F27A54EA1767593787851B18D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\Installer.exe.configMD5=AC8CBE09AC87C29FB067B862F650DF27,SHA256=11716E0949DF3EB34FD11AAAA8D23BAA21525619350D2D5CCF4CE9A8CF11019D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\XenTools\AWSPVDriverMSI.logMD5=9ABB83DB265DD5BBBA1E47155F6422FD,SHA256=3E0DEA028F48D724883FB56AE9D7B4DC1A0A5479FA4C7887F20F42824560BC29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.197{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsDomainJoin\log4net.configMD5=74F18BA17A760B562ECB8A7B7E66F5AF,SHA256=480ED6BDE17847CA5723E32DE155E9945F116DC22BE58DB4CCDF9647ED2B4A22,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.197{6F5BEE90-18AA-61E9-1600-000000002102}13241960C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000059107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.197{6F5BEE90-18AA-61E9-1600-000000002102}13241364C:\Windows\System32\svchost.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\System32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.174{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsDomainJoin\AWS.DomainJoin.exe.configMD5=293CB6CFB6486BC6645F351C77147DC8,SHA256=D0BA25EBE600A60DC9AFD053CD1387FC11B6F73605F2CB2A7C194041042A2108,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.140{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\lsasrv.dll+26327|C:\Windows\system32\lsasrv.dll+2746d|C:\Windows\system32\lsasrv.dll+261a5|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000059104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.140{6F5BEE90-18A7-61E9-0B00-000000002102}6085192C:\Windows\system32\lsass.exe{6F5BEE90-3BA5-61E9-8209-000000002102}3968C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\RPCRT4.dll+2be8f|C:\Windows\system32\lsasrv.dll+260ed|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.CloudWatch.log4net.configMD5=B916A89066F3188F67D8E6AED9CEE208,SHA256=B1844067F6ACD33FF3C0067BFD5A704CB7725CD761842573682B5CB66B55F2A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.056{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Amazon\SSM\Plugins\awsCloudWatch\AWS.CloudWatch.exe.configMD5=DF3E5E010E337A31AFF56D2E78934B15,SHA256=C3640DF5F16A146EC64F5E56466D539B2B92A37A2A9E3B3D54A753A3A5C843FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.003{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2537A7F1D9631E239922B001C525A88,SHA256=832AA6E843F1D390F53C0D008DE83A6706BA0A9BE4189E2A6497E440BDD6BD88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031802Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:31.752{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F169558409BE24551C7AC68073B848F,SHA256=343BD0A9A3C833A5399FEF3879E6C8179AE52B1FFD89E31C379791BFE4D1E102,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.913{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mailsplit.htmlMD5=628CB5C0A9B5F4257ED2F7E7B8A197F3,SHA256=F5F8C7D5EC8258EDBBCA12E8F070216F372F54F39DB50C9351219F2CA9B676DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mailinfo.htmlMD5=3753ECDB579E91420328A52ECB642191,SHA256=0A6E8188BBBDAF9BCBD3C607EEF0C3254AD0931467B79C279F4AD3EA5CDF6DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-ls-tree.htmlMD5=CCBD1CBC1F523B52E4A57AB369C417DD,SHA256=16362EB8AE4B615264D42C8E60280F71DC75145778E67396D082C7E461E57C8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-ls-remote.htmlMD5=7B4DC8BF11862AF5E5898A50251C9B0E,SHA256=D3B8DBDB682570B7B3AB91892D509AB6BFA74210671598DC93844C4205195168,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.898{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-ls-files.htmlMD5=E1E7007DF12164CB162969463044ED47,SHA256=FC97E9C02A0269C9FC26FB291B019B6EF64F0930C9CAFDC580433F801B104091,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.882{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-log.htmlMD5=9C42D6360158063EB202508DE9579472,SHA256=1127E76B7EACBAB5FB028D3D9C669D6A30CDA8F8CB07BC5E417624E92C85492B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.882{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-interpret-trailers.htmlMD5=381A128D1B85CAAABA558063F96F4930,SHA256=865B9DB5DE69544D4D035DA05BA6E51F066D1BD8DF6FE57ECAE5AB66BEF9AE50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.882{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-instaweb.htmlMD5=7217983DE3E85ADEC2A44AE53E247D98,SHA256=F7977521B6E2D142C84D64DE80C887B3411E7CC040D1AC1F548DF52251AAE6FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-init.htmlMD5=604EAD220E761DA92D96A4DFE399A7CF,SHA256=962729E44A591D3D2DC01625B90B82778F1B9FE224979DF3464941EBCB631605,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-init-db.htmlMD5=925AEB8C77D58CBAF097F82615297417,SHA256=C33C0ADAC38DEF551F26A72B96AE201BF4E82048346274429DD4A3F66BA6508A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.877{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpRtp.dllMD5=EABFAF1CE6CB8843DA42FBA01E8BF069,SHA256=CA99B8EAA6ED8C706590551BE37107D027BBD53CC9E52805446ADF59B3AEDC1E,IMPHASH=37FBA5E19A556368C80635383A68D429truetrue 23542300x800000000000000059645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-index-pack.htmlMD5=6717D1FCA14E86636A280E1E0E614C45,SHA256=D26D208A6B76C37C25605FCCC20FC3C5C8EF95EFEC11B2C1FC7565E70A4ABBCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-imap-send.htmlMD5=361655708A454667610548F88C34C764,SHA256=8211CE8E4C20E3BC6F8C4327F81FD96B9D30FEACD9FB6EB103D1756B37D04713,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-http-push.htmlMD5=08F8F23E2C7AD1AB8059A63DB63ABA79,SHA256=69D186CA773B8129DDEA69E8E1784D2CFAF012484949656855D6A5789674F221,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.860{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-http-fetch.htmlMD5=0B31F1659C95606B509B8BE12D9C79C5,SHA256=6B8BD5B45C3B21CA979BCE03AD5FEB6E410602AEC20D0E283A85548BB4CEF8E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-http-backend.htmlMD5=2AFD38C32664F70B02B287C46B90DD30,SHA256=80A056C457EB618A3E4A1AB885CEBBE6767DCBC88F399C6F58638D9609103477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-help.htmlMD5=47821892E0E61141ACA1E88C3FC08A85,SHA256=FEEAE0D7D2B9128A94DAC09D0191B39B93EE02BC3AB2CBBFE2EDAAD45AD195FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-hash-object.htmlMD5=342A79656D3F00A913C75665C48CE128,SHA256=2E4B5C2D3B2EA5DB1E25A35C8A8C5027BF2D2291400EDE76A72AFC5757D56BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.845{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-gui.htmlMD5=AAA2492F65D16DA71F3621F4D4C0A0CD,SHA256=5A76AF60792D5EED994F5F8C4951E7CD1047004FCC6A80E85479F4816A78140C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-grep.htmlMD5=C9F67B09FA5EE0D4415266ED4D568C13,SHA256=F44043F0DB4FCE407EA08D42D9861E43EDEBC19273F041100CA087E2A24FF3CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-get-tar-commit-id.htmlMD5=73E65D539C2B988E5BFB666F4B49B6D4,SHA256=AC50D36D124305150006A7760B9B134B0BDBCDE8FD0F769F2BE9D6F5E985C1B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-gc.htmlMD5=C396B1C70C7608CAC39BCA557C87CAF8,SHA256=5BD4381E2C2DD7FE81FFA6894DA06335198F3D17BBAA402325D5DA1A17AB9107,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpOAV.dllMD5=507A1C4DC135D31E60E46C911F518352,SHA256=07AA7775DEC86AFEF867C3B902BCF47CCB36E224433171EB6C4C0E3D80F753AB,IMPHASH=03EE692DE6217827EFB332DB1F358A4Ctruetrue 23542300x800000000000000059633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.829{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fsmonitor--daemon.htmlMD5=8E05702F77816CBE195348E7E49CB391,SHA256=3E5A00A96134099194E87161E01F629B6D874CAF33478FE31A0BD181D9FD696C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fsck.htmlMD5=C63F7683C87C79AE093E72EA6FFA2878,SHA256=E939BFE0E14CF1F718CFD8E81B3C932FE36E9A6BB5E3B82351DBDE85CABBAA2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fsck-objects.htmlMD5=C5964F18B2ABADAE2989F2ED441C43B2,SHA256=9A59D19316140D73168B04A06075FF8F1557DAD45476FA84D10138217C647898,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-format-patch.htmlMD5=61D1915293736235D58FF96F3127E51C,SHA256=E9C2ACB3B6F45273E4B2DEFC34CA6B9B47CF97F49F9BC8D1207987304C9E99A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-for-each-repo.htmlMD5=CDFE4FE9E372ADB4F6010387ACF911D3,SHA256=4E3FD0CBA7F86F24BC719C4704D7CA2D22B3654B8DD085AB5863E94F5D7FC966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-for-each-ref.htmlMD5=1B28D0A97D818C6C777538187AA0EB86,SHA256=D20451DEEEBB225FC8AF7DDCCBCDD5F6CFF9E492F9E6432FF0AB962A5F2BDF0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fmt-merge-msg.htmlMD5=A7EA0A8B02B4949DAB6E877F09B190E4,SHA256=76D33F3E9BCF928DE5A475E59648534C933BF5EE1B40DEB098BB1BA02F512569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.798{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-filter-branch.htmlMD5=4BB49ECBF190BED5863B82ED01308858,SHA256=88A19957BB65FFEEEAA77A961AA6E7535C21CFE14315FD86F1ECC45392594D48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fetch.htmlMD5=59E01DF56A053C0116608974C434628E,SHA256=153D909E2B2424D0AD69F5154B0DB0CEC0642F48B0C19A0D726A5243EED7005A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpEvMsg.dllMD5=E6BA4B06A514B05F1A6F67E02776CB12,SHA256=3E69F409180506A6636CA8F0620AB0CC9B57F1393AC5986CC8BBE50BEF12C9C2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fetch-pack.htmlMD5=F783F0184A57D7A2DCF05F08D42B8A55,SHA256=350993B1E75480D412DCB0FC42E980975EA046732A39862D4764A1B4BDE94080,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpDlpCmd.exeMD5=9DA1C405AF787EFBAF735B76388F867F,SHA256=7E7180B5534BE4BF2E531DCCE4BD8C0CB55EEC93759625283A162C0F6149464F,IMPHASH=ADA70A1CDA9F7CFE0EE9ADC707952597truetrue 23542300x800000000000000059621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.782{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fast-import.htmlMD5=E9AF57D55FE59F59A6CD485EABF90EAE,SHA256=CFDDE4B358FFB3FF0EFD5974922CDB6CB11F7C44B924E4DF420F8F83A31BFAB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.781{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-fast-export.htmlMD5=A29089EABB54F7C5E70350BD3271580C,SHA256=3D5ACBC14CE16B058D28B25D29804439FFD0DCAA86BD00FC97C3FA8AD3E3F4DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.780{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpDetoursCopyAccelerator.dllMD5=50E2C916D6B2E5CDCED1BF18BEF5B9E6,SHA256=C880E519887E5AFD35612BDAF4F987D79ED294050A4D291B54B18F7F3C80A89D,IMPHASH=F50111F80E604507B2C7408826513BE5truetrue 23542300x800000000000000059618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.777{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-difftool.htmlMD5=9008ACEB23AFB3609B56265DD5DB037D,SHA256=9CCF43F59F82D04504D4223A835DF892D13536106EF8D9F1627A65E3BB4D5294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpDetours.dllMD5=6694C427D876FEEC65126E7734886E88,SHA256=A76E653BA8D251379133B748B685C08672A69D1CF95493549E563CFAD8A8D7A5,IMPHASH=347E3515FA426FC23AFC3969AC2AA015truetrue 23542300x800000000000000059616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff.htmlMD5=A56BBA7763998E7AC34D710ADA725C99,SHA256=B06B1843D38DCFE9E29116D1187FF3EDB5B1C02257C2886B984576A271C4FC81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpCopyAccelerator.exeMD5=B613F7C352DB0471338A01FA7CF94521,SHA256=71ABD7C64E51AF9A750A31BAC218F9E6781C913869D97AA4024C2456E101CB20,IMPHASH=775658B4F88AC7DE8C3C8D449492BD1Ctruetrue 23542300x800000000000000059614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff-tree.htmlMD5=8C920E3D2B5C59FA19E215F491D7CA0E,SHA256=131117718369C739F579F24E17D6A03FEF61DC30DDC136FCCB46CA563F59891A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpCommu.dllMD5=98DE76E6BD6919C81785F34F3E4E4025,SHA256=A5D1C85E15E4454D0CF4E613107F688B540A046659F1DDECA859B395335BD50D,IMPHASH=35E8A857FF827D9A41B3350558B1A472truetrue 23542300x800000000000000059612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.760{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff-index.htmlMD5=3057F59B209E69CB314A9C234866DCBE,SHA256=AF862CA3954346B883C1D38ED4E4F8EC490B823E9502EDCC593CF9308E2D4127,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-diff-files.htmlMD5=37CAE84F19122F559E030CB50C5E030A,SHA256=8AF546B373B2AC5FB8953A436133835B45CF63C2929E5E95BD4370EFC2F9ED09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-describe.htmlMD5=AA8338891ACFE8F5D39031E7F798FD2F,SHA256=AFF8AAA22B0117DEC0E2308FAE584A246A59B95C7339770159B677C3284E8627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.745{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-daemon.htmlMD5=2AA3E15EC2CCD12A9DF25315F2973956,SHA256=873BAAB159A529F76FF9EFC5888504C2BB2C4F4ECCF48B2A0BEDD9605E804420,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential.htmlMD5=85E056326CFE3B6268BF90C45E41E165,SHA256=9C2E951405F1A95CEF59764138BAB4B50C14FAAEE9949CDFA41B419F900B15E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential-store.htmlMD5=08653E0A7BCF5C0ABAA746B6209E36A7,SHA256=FBB0B89698A91BC5D87BD7F361D12840EC9E1E27E917A68A858D90BAAD4EFDC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential-cache.htmlMD5=CAFF8776D4B300A74CCC15F5E2F11FFA,SHA256=F3173C219B24045940DE45B5F63B0A872D76A569F9C151A2221FC52ADDFE588C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.729{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-credential-cache--daemon.htmlMD5=23CDC7B903D9DBF655192A5D3648CFFF,SHA256=8B2C268C45508B57E1D800B7B3284BBC7C326339F393E11E36EFF1897FDABA00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-count-objects.htmlMD5=23345F591F699540E003082C71C88656,SHA256=44CE1E779253E7285F0DD014658482E653D9FB588E5A9D23B7322F05D19830DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-config.htmlMD5=99A62045D703C974FE8AC8FDC6F73B4B,SHA256=B30F7899C10D2F9BA399C5C1A60280F11E33F0F0D4FCC83EA916233C2950FCB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpCmdRun.exeMD5=D50CBCB0B8B3282CD169E0032361D418,SHA256=F7B6EB6E4D8E04C7243AB0AB73CEC6E20E980F07E03267ED4B0CA69CF9CDAB3D,IMPHASH=64204466147057F73085F9FF5ED1840Atruetrue 23542300x800000000000000059600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-commit.htmlMD5=436919800790748887286C187C42B6F4,SHA256=3634DF6DDE261DCF6619C68106F019128D6FF8288071D0ED6422CF061EFA885C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000059599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.714{6F5BEE90-18A7-61E9-0B00-000000002102}608780C:\Windows\system32\lsass.exe{6F5BEE90-1B15-61E9-FA00-000000002102}4632C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x800000000000000059598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-commit-tree.htmlMD5=212AE34E1A4CEEF446D602BAEBCF532F,SHA256=9F2D9FDFFACB1740AA5D9DF331DE95E8A9264617F025A3821CB64D92B612338E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-commit-graph.htmlMD5=B4FFDC3DA7C80160A4315312EF3EF852,SHA256=7302C47E907D2E5AE5E558B0CA21D921E4ACDCB386FDEE7E43F219DDCFFBB418,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-column.htmlMD5=F18F35CC76CC22A7C2B0A68A84A2A693,SHA256=4DB3FF99C647669E7AA4B673AB29F411886311F2F5D4C05799D34143F3553BDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.698{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpClient.dllMD5=FD7D2158F21085FF8E8C46829839708E,SHA256=DE50D8BB61B7F0BB423E4A50A6775192C4809F63C18BE9426C4AC2E127BB9DA9,IMPHASH=0D1EE75448E1ED838607628FA1A8D94Etruetrue 23542300x800000000000000059594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-clone.htmlMD5=CFD45A8C5007F79ACAB9ACC8632C5980,SHA256=BBEA8E1AC96D29FF917784FFC1B1A08EAEC13A5FDE1A8103D920E2CB4136AAF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-clean.htmlMD5=D14EE33C14FB31051C5C538B7274F5EA,SHA256=B3338BFB2450BA92E6140A758DB28383A03B5E5809E87CE2893748D4ADFD8CC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-citool.htmlMD5=44361C38AA66A61DE2C2D2B4ECD3193A,SHA256=B32329AD3552A47D5FB161F9E8F46A7B87D452DD10BFE9B9BBBDA352476492F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.682{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-cherry.htmlMD5=F6C98027D7A87E9B360A21EBF59C6A68,SHA256=52E2D94AEC180DD54504228DD9345D3BE0E5B74A7C5FB81287B7DDE490CEAB5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.681{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-cherry-pick.htmlMD5=B1F835AD43FD8D434AAD7B6759DA0CC8,SHA256=7AECA74DD3A6EEC1F281C9940377E03AEFB268877C2A8153792AAFB9CB6E6BBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-checkout.htmlMD5=A511CC65F62F99F39DDBD5D875619A0E,SHA256=F1DFD87944CE5CB8FCEE2229B05A24D0D6CB1410F0C1A2A8FDB2CB3A4B168CC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-checkout-index.htmlMD5=B707B91852C1D94B3CAF433DDB35FF87,SHA256=C20B4ED2B3CEDFF5679B8DA068326AAEFE6F840D9200BC2433043243664EF5C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-ref-format.htmlMD5=E002924EA0C652ACB353F2F79BDC93FF,SHA256=AB838923D4AB69AD0578F468FB888D697D6C9953A62F9A6751E03A85BC821D83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-mailmap.htmlMD5=63B29A4AD1607B67B6F6B77B9013F24A,SHA256=93239A1AAD1F8714F1EC790F0722FE6CFD413A43936A37E6D97D00504DA2F228,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-ignore.htmlMD5=EAF8DDB363C60AE5C43467C6FC0EE8AE,SHA256=8B4BDEC84B9C56DAA3764C3109C259E14A0A250573ED40B9EE55DECF075B6A89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-check-attr.htmlMD5=310F82356576BDEDC3B78B91F2C91671,SHA256=1D4F2FD451563FF0FA77E66E607A297B46E668B9B443AF5314157D6ADD622E35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-cat-file.htmlMD5=7B6D14CDA05C7A4556987A3C46C00878,SHA256=D88DB2FFF1FA98F1AD1C97B51394F7037866FC60F9701B008B9A9DE34DD23B4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bundle.htmlMD5=980700FD861C46D53FC7665C602D0109,SHA256=3B89FB5898D5E847FB13DAC51987F5CCDBC41C705A2D5832E6F7A75C240A43E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bugreport.htmlMD5=50EA24CDD98440F49DD2BABCDC32561B,SHA256=9E57512D573A365C9502E44A4C7A57AD194D6147D430EE44D2433D2C45D8FEF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-branch.htmlMD5=974FE3DC74C89D7F92C61C5A5166780F,SHA256=E4BFA804B74342E2E17C0AB5FDD82080AD9A4616D877737F6553C8C0E749EF16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-blame.htmlMD5=D4C64598A2A6E38225BCE51EBD7A17BF,SHA256=E5AD2A2AF398E5A20847010669745A27AFF84E14647156727BDFF6688E048519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bisect.htmlMD5=3BB397EE4A90522166C3B250A5A73FAA,SHA256=036CEA76B91FEE41FF59704709A8EE2CDE8D4DCD6C31328CB76A71B73D9BD436,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F46861F9B9B07C53492874CA4F279FD9,SHA256=B6995ACB898DD232E6BEF769AF07D1608023FBD028D2E74AD19189069728ED5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.629{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpAzSubmit.dllMD5=C10F256B7606EE5B1BED880020F68912,SHA256=C649EC99F87F684D22157755E5F8E0AF7C1EFD54853493965A673A3F0FFB4AC6,IMPHASH=300ED5E63E8A71D34B395F9FB0DBF683truetrue 23542300x800000000000000059575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bisect-lk2009.htmlMD5=75966CE69B48919CACABCFD330BB105D,SHA256=88F4D9E15B4DC8D2393707972E864026CD1C93E5FFD714FE9703534BE3278246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-bash.htmlMD5=12D584D2E4DB63CD57761EC933E18761,SHA256=233985883EEA9570642F95F8D5D05DC831D0B86BDB6351E2B05DB2FEFE9E5718,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-archive.htmlMD5=99417AAD06E515F49390EF7D80B08734,SHA256=17B7089A0B5997363C44B6D3A92ECBF962448D92839573C593959B96E22F6123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-apply.htmlMD5=51A2EE060C89F62D3FDED5EE219A7FA7,SHA256=EDF3714B117FD2DC38BED4D6D06A44AA23D1BB2456A24B3A274121C20A8C1D77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-annotate.htmlMD5=F103E7EE56B11C0CEC5A4C4B85C7B72E,SHA256=4D997EF2F8F252CA044621F3DEF3F4F8B465D68B1122AFCB80CADBFDBCCABAE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-am.htmlMD5=75CA00FA14A446EA5D3019F693347E86,SHA256=2B62603603AAAFFFE07095B9767C36FC299EE27FDDEA795333E6E50ADBEB8E06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-add.htmlMD5=1067A9BC745C31ECEBEFC0D05B583C44,SHA256=6E3C99CDD45ADBBE82CC48649632BB33FE418790638F36CBC5069CE81FBDA6A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\everyday.htmlMD5=37DBD1E181C056133BA18651CD7C9472,SHA256=92A90448173B5451DAF4D9100C38A872A51FD20E24B5071888CD0E7E00DB458E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\connect\manual.TXT2022-01-20 07:58:45.116 23542300x800000000000000059566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\connect\manual.txtMD5=1351B390AE62D5623B2373AD1FF4CC2D,SHA256=1C3C79672658E589232D081DD10FEB5620768A9F6A68E930D453093D36A79CDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\connect\manual.htmlMD5=5ECE43F1CB07EE9C0F4D216F2CC81E5E,SHA256=79C24EC5DA507000CE16D2904867C91107B2A1C7159079DC1BCFB592094197C1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\UTF-8.TXT2022-01-20 07:58:45.116 23542300x800000000000000059563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\UTF-8.txtMD5=C31BDDB42E69DE8E6EB52F00D43BD108,SHA256=2401EE812FF859A85F3B737BE7DAF32F19C11946ECAA5F5E66468ABAE4FE2D43,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\roman.TXT2022-01-20 07:58:45.116 23542300x800000000000000059561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\roman.txtMD5=E7F3FC02807179D7D3961C56FDB9E1B3,SHA256=28A1AFA59F16F188EBD459995FB11C8679B07D30FD208B9C4009FBF9BB103274,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacRoman.TXT2022-01-20 07:58:45.116 23542300x800000000000000059559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.582{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacRoman.txtMD5=A08A3363AA070353BB61E0932CAF0F40,SHA256=7FABDB769C535B7F195DDF7C422A156DB203EF97F11600278AFB9FE297BECCB3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.581{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacCyrillic.TXT2022-01-20 07:58:45.100 23542300x800000000000000059557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\MacCyrillic.txtMD5=87E3BB393D087BDC8057E33BE6F366DD,SHA256=A915D23B499D8D94D6E1AD2DBDCCA06E1A5C4F36FFA37E7152B4591F1CB074F8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-u.TXT2022-01-20 07:58:45.100 23542300x800000000000000059555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.577{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-u.txtMD5=B89334D5F29B1630C195355120FF8836,SHA256=28C0691EA7D03241FD6D96F2BAB3973CDADA800C4A20AF458543800279885728,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-r.TXT2022-01-20 07:58:45.100 23542300x800000000000000059553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\koi8-r.txtMD5=A66FB8E72381BF5AF69D69F1EE6E0FF0,SHA256=D635512126976AEC2C4FAB3AEEB346BB653E9211C44D2A018DD27FBE86C654EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp866.TXT2022-01-20 07:58:45.100 23542300x800000000000000059551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp866.txtMD5=B6D058F54D857344D4701A94BC88FCB4,SHA256=64BAADCBCCC437E8E87E12C53478DB8B459174C66FD269BF16CFDEB69CBB70FA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp864.TXT2022-01-20 07:58:45.100 23542300x800000000000000059549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp864.txtMD5=42AD2BD496EA0C3F64E259917C3B8B83,SHA256=BFAC522704129492B0669E9C5B07727BB56E076CC18F455566A117BFB8BE924A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp862.TXT2022-01-20 07:58:45.100 23542300x800000000000000059547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp862.txtMD5=3B05F95118D90D1EE79C560AF417551D,SHA256=273EBE82ED409AE00C26BD8C6FD77ADF4859B041FCB0A627C42F4A437C5E42DC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp852.TXT2022-01-20 07:58:45.069 23542300x800000000000000059545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp852.txtMD5=7AC39EAC594D187AFFA3D8ED5AB07A1A,SHA256=1937D70560031A7D21755E1F947D7719F719296DC12023CBA38CFBCDCE44273D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp850.TXT2022-01-20 07:58:45.069 23542300x800000000000000059543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp850.txtMD5=9DD494E7D591740C12DE4A8FA1651FEE,SHA256=359D83A9335BCD298A14F1D30368803B2D327983FCFF29DA14A27AED0A9ECCB9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp437.TXT2022-01-20 07:58:45.069 23542300x800000000000000059541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp437.txtMD5=8C9ACC2E686B6CDE6FD8D8CD87EB5B76,SHA256=6E4E148EECD8C352CAA0A07E5BC5BDD84966D5253235FAB62E99BA36730092A3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1252.TXT2022-01-20 07:58:45.069 23542300x800000000000000059539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1252.txtMD5=93FB108016F8A1E87E4129B21FE9984B,SHA256=FCA3AB5882F0A562794F05D7F15A39157C59D7C07FCBAC79AB7CF3D12C979541,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1251.TXT2022-01-20 07:58:45.069 23542300x800000000000000059537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1251.txtMD5=2926366654DBC6711EE71BA2589161C3,SHA256=F87ED4480CFDDB8F5F6226292338CA407CCC7B1A543F3832F1D20AFF6CB72A58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpAsDesc.dllMD5=A27F0ABF90F3B468C6F15CDAFBBC3312,SHA256=503DF4EF842D6621139D4A15D68955E4926C0C6B5CCCEF60323290A6FC08343F,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000059535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1250.TXT2022-01-20 07:58:45.069 23542300x800000000000000059534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\cp1250.txtMD5=3C9476725FBFEEFFB9F549D995EE2815,SHA256=CF79BA755416AE5628A9DD1F870306B5A45FD6B256EFED0C2AC1CC2CCB3307F0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-9.TXT2022-01-20 07:58:45.069 23542300x800000000000000059532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-9.txtMD5=DC12E2B5E874EDC397380FFD8AE55ED2,SHA256=976D48DFFF033C7BFEDD08BC61D26F0A5FEFB4C3F48F8735F454E100CF40294C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-8.TXT2022-01-20 07:58:45.069 23542300x800000000000000059530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-8.txtMD5=C77336D026DC44CB4BFA23DD89FA9DDE,SHA256=4BEA5CF4B048E3B7CCF704EA153EDCF77D2A4C627DD8710F8F7E037AFB62A171,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-7.TXT2022-01-20 07:58:45.069 23542300x800000000000000059528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-7.txtMD5=1E6FE1C4FCA8C960780A7E721DC29448,SHA256=73B347025D12C050D82C1385D3756A5EB79F6E7B21E1ED91EE344590A2D1EE3F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-6.TXT2022-01-20 07:58:45.069 23542300x800000000000000059526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-6.txtMD5=0B6FCA3CF6CED7832EC98BD83E9D8573,SHA256=A2917A1017ECB3C82FC44CD57365DBDA0788F7CC1E8DA94D8175F6600CF03548,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-5.TXT2022-01-20 07:58:45.054 23542300x800000000000000059524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-5.txtMD5=4C2E46C0B5C710935C6D48A96A930F55,SHA256=C1244FABAD6E9B7A8053DA89448C42388BBE93681742E01E74F7A22B7F08E3ED,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-4.TXT2022-01-20 07:58:45.054 23542300x800000000000000059522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-4.txtMD5=DE68D2887E903B683AC7DE31FCF86E04,SHA256=5BB8F1FA3FDF6DF88EE3D1A17F58BDF5E336F6B665D58EA04BF7BD7BDBF259DC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-3.TXT2022-01-20 07:58:45.054 23542300x800000000000000059520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-3.txtMD5=508E6E6C9944169639D3110E0B973CE0,SHA256=A7906A91EC3A4AC7F10EC7E25966D36D98FB720F401D595DE5F9F06AB1F2B2A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-2.TXT2022-01-20 07:58:45.054 23542300x800000000000000059518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-2.txtMD5=9C338678A16843FD60FCD12602F767E5,SHA256=5C81ECA66455C5B36853C8A66495F58636643F6DDB261083D877A7F2A48287B7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-16.TXT2022-01-20 07:58:45.054 23542300x800000000000000059516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-16.txtMD5=E4054D6687231B28907D0146A3A4C827,SHA256=C2ED919E5A107C07B13D702320EB532C83360452BB0D3FBF09FB1D920343EAD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Windows-Windows Defender.manMD5=36F8A68EECFB5B89C4C571F6A63E3ECA,SHA256=4D76246642181E38F87B623AF82BF7454050D05775F546506CFACA1608BE9633,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-15.TXT2022-01-20 07:58:45.054 23542300x800000000000000059513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-15.txtMD5=B1233F8FB662A710D5CF9FFA8B603BF5,SHA256=0E8C5AA710FC1E8537E84DCD86704A4A4EBB289791121ACEA82AC5474B1BC123,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-14.TXT2022-01-20 07:58:45.054 23542300x800000000000000059511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-14.txtMD5=FA40746824C8B2361C6E7D390B16C468,SHA256=79143EE49AB465F2317B9D3ADE16F07EC6CF6314506426FA5B366A6E742FC15A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-Service.manMD5=B003B1DFFD9221745ED31E2979B28574,SHA256=5AE7493F638252D49F18B084D7CEA4E88D3AF6B1170C8C16EABF5C6AE849E3C9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-13.TXT2022-01-20 07:58:45.054 23542300x800000000000000059508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-RTP.manMD5=35AC30A8637BC0EB2F7902B8C69BF904,SHA256=FE761134076253DC11CF8C154CA43E762C61C28D0A817E76351FFEF32CCF59C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-13.txtMD5=F97C84A786088BD85262F57DF05408FD,SHA256=6E07D8120D8225F0556C9C7F477C7D4392141290C3AE7F6A81C3926C34C0E52C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-Protection.manMD5=E4AD891E7B62475FCA109C0DF4DEF16E,SHA256=DF9AD93CDB61587A35FCDCE996955A64413439A474D85C86133A9E9C185D1966,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-11.TXT2022-01-20 07:58:45.054 23542300x800000000000000059504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-11.txtMD5=52F00F158B1B3554D4A2A0924F6DE3D5,SHA256=9063AA1EE6C9B54B7E95661F41B3EF7F1C9BEEC99158C98B04DA43325BE5A4DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-NIS.manMD5=5562965C32F03AE0DF8B9DEF950F8651,SHA256=EA64BE59286B67AE930729FA92B2B08DCE5C2EAEB70FEABE2320C47FB6DDAC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Microsoft-Antimalware-AMFilter.manMD5=B6D65A86FC1999A62DA10EA3C4CAD3E4,SHA256=05B2BFD40FB3A344C3AE178C420A7FEA9595815CB1CC07843078112F5F551EAF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000059501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-10.TXT2022-01-20 07:58:45.054 23542300x800000000000000059500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-10.txtMD5=1756FE8A4076A0ACBAA84F31F73A5E18,SHA256=13339AD725052723FF6AAC91CEEF1A120A3231C4FAC647E0B63D5565EFDD2A53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\endpointdlp.dllMD5=BBDFA9DA2F8E10903C095F504A2188B1,SHA256=4B3DE446F41D0410C06E9FAFF8823D380BCBDADB5B381C702CE3A5E2535A7142,IMPHASH=4E716FB51FA8B3F8D25BBE321A933985truetrue 11241100x800000000000000059498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-1.TXT2022-01-20 07:58:45.054 23542300x800000000000000059497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\antiword\8859-1.txtMD5=12E09BD6C9C501B55E0F27ACAF60C672,SHA256=884EB5AE5AA74867C7B2C93A40B9460920E26731DFAFA58F783E9D568FC79055,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\libexec\git-core\GitHub.UI.exe.configMD5=FF6B196838ACB06FAC7526A610F87C26,SHA256=F46FDA9621B8060930E1FE1A656594358D838CC0750016871BA15F861B056891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ConfigSecurityPolicy.exeMD5=065E4E5BE96865266D1FC4449274CE20,SHA256=98E3951BA9FACFB2B878D98D237D63C675878A09D9B6E18640C96746B6665041,IMPHASH=C1B5D6B4F7C8A5BCC84810A010E14536truetrue 23542300x800000000000000059494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.482{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\libexec\git-core\git-credential-manager-core.exe.configMD5=FF6B196838ACB06FAC7526A610F87C26,SHA256=F46FDA9621B8060930E1FE1A656594358D838CC0750016871BA15F861B056891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.481{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\libexec\git-core\Atlassian.Bitbucket.UI.exe.configMD5=FF6B196838ACB06FAC7526A610F87C26,SHA256=F46FDA9621B8060930E1FE1A656594358D838CC0750016871BA15F861B056891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.479{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\com.microsoft.defender.be.chrome.jsonMD5=60A2FC65D3CC1D3DE9ECD2C5319738FC,SHA256=6C6F52B13235148AF305BD614779EA885C00B64D0BB7CC764E3C67198CC524A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.478{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\ProtectionManagement.dll.muiMD5=5EEAFAC8017831BED41402B0CFB7CD1A,SHA256=AC5968C53994D55E2FBC20A5BA9DF19F9A6B7F3619E56E859BC9A85E7ED3CEDF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\sv.msgMD5=DB1712B1C1FF0E3A46F8E86FBB78AA4D,SHA256=B76EBFA21BC1E937A04A04E5122BE64B5CDEE1F47C7058B71D8B923D70C3B17B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\mpuxagent.dll.muiMD5=9FD7C75F65C5AB7CD0379337ACE6777D,SHA256=4D4D6B443BF0C29D97517763702B24229E0656312D1B3810104B60B3CE4A026C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\MpEvMsg.dll.muiMD5=3B15F377EF6F4A43466F4D8CA2ADAC8A,SHA256=322B9C5DE528180BDBF2F8E0BDEAA724779BFEB4A1A84F30875FFB2CD4BB7F5E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\ru.msgMD5=D7C27DBDF7B349BE13E09F35BA61A5F8,SHA256=C863DEBAB79F9682FD0D52D864E328E7333D03F4E9A75DBB342C30807EFDCFFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-TW\MpAsDesc.dll.muiMD5=72632B8E416A153787D2D010D6C374E0,SHA256=CE2B21F5F25E574ED7B5FC7C381B82A46274C69A803393183E03773404B9C384,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\pt.msgMD5=236356817E391D8871EA59667F47DA0C,SHA256=AD0E466131D3789DE321D9D0588E19E4647BA82EDE41EEE6EBEF464786F8BDBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\ProtectionManagement.dll.muiMD5=E648AA637FDBB85D8E5513FC36367941,SHA256=0E827FA44D0228A1819611BB935FEE4B49B77F225D1A0AB1106052271489B7BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\pl.msgMD5=17B63EFE0A99F44D27DD41C4CC0A8A7B,SHA256=1993B4EC2DC009D2E6CA185D0BD565D3F33A4EFA79BACA39E4F97F574D63F305,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\mpuxagent.dll.muiMD5=ECA0F1F0613ADC6AB3AD41A4231644DA,SHA256=C32E60C50963BA642B2B147A4ADB208338DDA9AB6A5F7220C8845950D72F7BAB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\MpEvMsg.dll.muiMD5=5FD7A02D2B6C5EE2ED14E07A4A6F36BD,SHA256=7EB646897BD9FF85CD859A48BFF19D994AA44137AD6B06E90AD2C7F0F2A65C9D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\nl.msgMD5=B628EAFD489335ED620014B56821B792,SHA256=D3D07AAD792C0E83F4704B304931EA549D12CBB3D99A573D9815E954A5710707,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\zh-CN\MpAsDesc.dll.muiMD5=6B9084CA751B5AE068F5162096D2A1CF,SHA256=A6D1822E0600E72B0BF263A93084EA5641472E0EE4ED0CBFC2F51C5371927905,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\it.msgMD5=ADB80EC5B23FC906A1A3313A30D789E6,SHA256=9F83DD0309ED621100F3187FFCDAE50B75F5973BBE74AF550A78EF0010495DED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MsMpLics.dllMD5=30AC9560D381D704B9F7ADDAF0F82A94,SHA256=E1FA909C9A6BFE68C219734F54A1605A0920E6E0914D780DF59F7855BE6A0F5C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\hu.msgMD5=E1BA9C40A350BAD78611839A59065BF0,SHA256=C8134EAD129E44E9C5043E1DAD81A6A900F0DE71DB3468E2603840038687F1D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpOAV.dllMD5=F963795F0C4B10F6A06D44A89025A235,SHA256=C0C9B303A85E085CAF876CD46EB30152F4D5557F404B2F896728802C4A427E4C,IMPHASH=B153971B18B753F5A5050CE54B02C2E0truetrue 23542300x800000000000000059474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\fr.msgMD5=9FC55235C334F6F6026D5B38AFFB9E10,SHA256=0A8BBB4D1FD87BF7A90DDFA50F4724994C9CE78D1F3E91CF40C1177DB7941DC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\es.msgMD5=93FFA957E3DCF851DD7EBE587A38F2D5,SHA256=91DC4718DC8566C36E4BCD0C292C01F467CA7661EFF601B870ABCDFE4A94ECBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpDetoursCopyAccelerator.dllMD5=E14F76935B760B68B34AAB00CC6A7116,SHA256=20B97E552984F597711D8A8C766A809F51657F1F59A9BA3CEE13E7CD97717FAF,IMPHASH=74478D3FF071B77E9B32D63F1F5AA17Atruetrue 23542300x800000000000000059471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\eo.msgMD5=09EF4B30B49A71FD4DEA931E334896E1,SHA256=5DE113DC4CE0DF0D8C54D4812C15EC31387127BF9AFEA028D20C6A5AA8E3AB85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpDetours.dllMD5=B8D9BDFE2B9E5CC434D08C2D58EE362A,SHA256=5EABB3CA44F9247703978939C1C1759CBF9D69BD0D53F4B9D3BEFDF476415DB8,IMPHASH=6E757FB64260833FA5C6C4D97D8045D3truetrue 23542300x800000000000000059469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\en_gb.msgMD5=EC6A7E69AB0B8B767367DB54CC0499A8,SHA256=FB93D455A9D9CF3F822C968DFB273ED931E433F2494D71D6B5F8D83DDE7EACC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\en.msgMD5=64725ED622DBF1CB3F00479BA84157D7,SHA256=673C76A48ADA09A154CB038534BF90E3B9C0BA5FD6B1619DB33507DE65553362,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpCmdRun.exeMD5=ECA84EEA3FC50DBC31A17D271B7062AF,SHA256=B0337D5C7D36278EC6707749F35341EB6EAAD8B1713125C043E298021BA07401,IMPHASH=95D49CB882332BDC4900DE33E1D18DB9truetrue 23542300x800000000000000059466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\el.msgMD5=C802EA5388476451CD76934417761AA6,SHA256=1D56D0A7C07D34BB8165CBA47FA49351B8BC5A9DB244290B9601C5885D16155C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\de.msgMD5=07DF877A1166E81256273F1183B5BDC9,SHA256=06DD7572626DF5CB0A8D3AFFBAC9BB74CB12469076836D66FD19AE5B5FAB42C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\da.msgMD5=C414C6972F0AAD5DFA31297919D0587F,SHA256=85E6CEE6001927376725F91EAA55D17B3D9E38643E17755A42C05FE491C63BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\msgs\cs.msgMD5=EBAFA3EE899EBB06D52C204493CEE27A,SHA256=D1B0FED0BEA51B3FAF08D8634034C7388BE7148F9B807460B7D185706DB8416F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpClient.dllMD5=6080672558962E1E2AAD8CFDF838A294,SHA256=3986D2EB04BC82362722BB70C71BCBABBD0FCF567B278BA6DC3770ADDDCC45C5,IMPHASH=9F614314F6D26F33EFAA597705EF50CCtruetrue 23542300x800000000000000059461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\tai-ku.gifMD5=048AFE69735F6974D2CA7384B879820C,SHA256=E538F8F4934CA6E1CE29416D292171F28E67DA6C72ED9D236BA42F37445EA41E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo75.gifMD5=7013CFC23ED23BFF3BDA4952266FA7F4,SHA256=462A8FF8FD051A8100E8C6C086F497E4056ACE5B20B44791F4AAB964B010A448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo200.gifMD5=A5E4284D75C457F7A33587E7CE0D1D99,SHA256=BAD9116386343F4A4C394BDB87146E49F674F687D52BB847BD9E8198FDA382CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo175.gifMD5=DA5FB10F4215E9A1F4B162257972F9F3,SHA256=62866E95501C436B329A15432355743C6EFD64A37CFB65BCECE465AB63ECF240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo150.gifMD5=711F4E22670FC5798E4F84250C0D0EAA,SHA256=5FC25C30AEE76477F1C4E922931CC806823DF059525583FF5705705D9E913C1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\pwrdLogo100.gifMD5=DBFAE61191B9FADD4041F4637963D84F,SHA256=BCC0E6458249433E8CBA6C58122B7C0EFA9557CBC8FB5F9392EED5D2579FC70B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logoMed.gifMD5=BD12B645A9B0036A9C24298CD7A81E5A,SHA256=4D0BD3228AB4CC3E5159F4337BE969EC7B7334E265C99B7633E3DAF3C3FCFB62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logoLarge.gifMD5=45D9B00C4CF82CC53723B00D876B5E7E,SHA256=0F404764D07A6AE2EF9E1E0E8EAAC278B7D488D61CF1C084146F2F33B485F2ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logo64.gifMD5=B226CC3DA70AAB2EBB8DFFD0C953933D,SHA256=138C240382304F350383B02ED56C69103A9431C0544EB1EC5DCD7DEC7A555DD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\images\logo100.gifMD5=FF04B357B7AB0A8B573C10C6DA945D6A,SHA256=72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.382{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\nl.msgMD5=CD87735CE34105D24BA7D70CFCBD68BD,SHA256=C03318F95CFCEBACDA5A58C0B03703B93DD938050FE08D95A63A240188C733AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\tcllogo.gifMD5=FF04B357B7AB0A8B573C10C6DA945D6A,SHA256=72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\ouster.pngMD5=FE7DC3E7562C55EFDBC7B18DB0924D26,SHA256=A2FE354DFCB09B9EEB488128F4AC0B498766FAF4A8BECF65BBCD779BDB9C4C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\earthris.gifMD5=4D10E3A9B9C5CC5AB490962AFA9BFE6C,SHA256=C2DA473E55D8317BD1F983638ADB729BFF1461DE590D76F99D8B3430C71E0F6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\earthmenu.pngMD5=D0312D9A617BA1214FD3EDCE5EC5DA53,SHA256=9BF8D96016039D7FDB2FFC506743724636A70ED5925199AAB64CA20820963BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.361{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\images\earth.gifMD5=34D2114D2AC22DD7F97232D241402028,SHA256=88AF7AE24FD08D5EB144E938A4381D28638BC50D15C8E5F3E30CA73B0FBA961F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000059445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:30.002{6F5BEE90-18B8-61E9-2C00-000000002102}2984C:\Windows\sysmon64.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52445-false104.18.31.182-80http 23542300x800000000000000059444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.345{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tk8.6\demos\en.msgMD5=91F2798EF7775B7203E11FFFE878AC79,SHA256=9ED968CE55283D06066D99E366A5A7CD1F3303235B5C6626C7828141AE5C0EC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_tw.msgMD5=9CD17E7F28186E0E71932CC241D1CBB1,SHA256=D582406C51A3DB1EADF6507C50A1F85740FDA7DA8E27FC1438FEB6242900CB12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_sg.msgMD5=E0BC93B8F050D6D80B8173FF4FA4D7B7,SHA256=2683517766AF9DA0D87B7A862DE9ADEA82D9A1454FC773A9E3C1A6D92ABA947A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\MpAsDesc.dllMD5=FFF62C12CDFBB5F8245F0C5E09CE6276,SHA256=55E058C5969102272EA423BFE8467325FBE0DA2627258DB99243307280778B54,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.330{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_hk.msgMD5=D8C6BFBFCE44B6A8A038BA44CB3DB550,SHA256=D123E0B4C2614F680808B58CCA0C140BA187494B2C8BCF8C604C7EB739C70882,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh_cn.msgMD5=EB94B41551EAAFFA5DF4F406C7ACA3A4,SHA256=85F91CF6E316774AA5D0C1ECA85C88E591FD537165BB79929C5E6A1CA99E56C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\endpointdlp.dllMD5=8413BF8A8B935E57D301CBCDA64E1934,SHA256=EA371C42AED818BF88AB029F439167F803ADB1C9595B7DDB8DFF16EBBA591828,IMPHASH=DF639EAACE96DA9DCDDBF265D8B56341truetrue 23542300x800000000000000059437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\zh.msgMD5=9C33FFDD4C13D2357AB595EC3BA70F04,SHA256=EF81B41EC69F67A394ECE2B3983B67B3D0C8813624C2BFA1D8A8C15B21608AC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\vi.msgMD5=3BD0AB95976D1B80A30547E4B23FD595,SHA256=9C69094C0BD52D5AE8448431574EAE8EE4BE31EC2E8602366DF6C6BF4BC89A58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\uk.msgMD5=458A38F894B296C83F85A53A92FF8520,SHA256=CF2E78EF3322F0121E958098EF5F92DA008344657A73439EAC658CB6BF3D72BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\tr.msgMD5=3AFAD9AD82A9C8B754E2FE8FC0094BAB,SHA256=DF7C4BA67457CB47EEF0F5CA8E028FF466ACDD877A487697DC48ECAC7347AC47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\X86\en-US\MpAsDesc.dll.muiMD5=499D4C07DDF2D258B8CB7B37A1D892CC,SHA256=3994A0D7AFCE70F018B673C5689E192CE28545C55AFAFEE1C37743AA0F934CF8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.314{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\th.msgMD5=D145F9DF0E339A2538662BD752F02E16,SHA256=F9641A6EBE3845CE5D36CED473749F5909C90C52E405F074A6DA817EF6F39867,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\vi-VN\mpuxagent.dll.muiMD5=F587B7F551D3304A63BE6764965B701C,SHA256=B45C39AE05934549E09841C0391F844C1B63FBB9134B2EBC8CC9F4B426178D11,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\te_in.msgMD5=443E34E2E2BC7CB64A8BA52D99D6B4B6,SHA256=88BDAF4B25B684B0320A2E11D3FE77DDDD25E3B17141BD7ED1D63698C480E4BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\vi-VN\MpAsDesc.dll.muiMD5=8292B42976EA7E5B4A5143006550C0DB,SHA256=652CA8F94969FE4BAADEAE439D48274B2E0C828169B523D5CE9D9C5E1CDD6951,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\te.msgMD5=0B9B124076C52A503A906059F7446077,SHA256=42C34D02A6079C4D0D683750B3809F345637BC6D814652C3FB0B344B66B70C79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ur-PK\mpuxagent.dll.muiMD5=023469B9CE9A65693DDE3DAAA3B7F41C,SHA256=BAF468BF80396223C1A0B93DC499A8B713C12E8656BA42D3D2176DC29E729237,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ta_in.msgMD5=293456B39BE945C55536A5DD894787F0,SHA256=AA57D5FB5CC3F59EC6A3F99D7A5184403809AA3A3BC02ED0842507D4218B683D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\uk-UA\mpuxagent.dll.muiMD5=F345D7719ED1F32D9443AB71D36BAC3E,SHA256=13AC1F29F2108EC7DB952EDBC6F51DA4D2F0CBDA46B514EFF70B2E96E06B37B9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ta.msgMD5=2D9C969318D1740049D28EBBD4F62C1D,SHA256=30A142A48E57F194ECC3AA9243930F3E6E1B4E8B331A8CDD2705EC9C280DCCBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\uk-UA\MpAsDesc.dll.muiMD5=088D2A1E50EF7AF09C5D828C322DA741,SHA256=535E01F1C8A430CDCA3A804A92D80B6319017737D4B8CB431F5C23B1EF4AFE5C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sw.msgMD5=4DB24BA796D86ADF0441D2E75DE0C07E,SHA256=6B5AB8AE265DB436B15D32263A8870EC55C7C0C07415B3F9BAAC37F73BC704E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.298{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ug-CN\mpuxagent.dll.muiMD5=F9007E5EF37ED62D4574EA8F1AA41875,SHA256=7B74D3CA3A9951C039993B34BC4A04BF810A6FCA726485599E336ABEB5E2F3EB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sv.msgMD5=496D9183E2907199056CA236438498E1,SHA256=4F32E1518BE3270F4DB80136FAC0031C385DD3CE133FAA534F141CF459C6113A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tt-RU\mpuxagent.dll.muiMD5=2A6AFABE73744D9F425AD9D689A536E4,SHA256=8317A8E6F50BD32F95317BE8EEA81E17E2A7663CB62186995CBBA994DDDCE0DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sr.msgMD5=5CA16D93718AAA813ADE746440CF5CE6,SHA256=313E8CDBBC0288AED922B9927A7331D0FAA2E451D4174B1F5B76C5C9FAEC8F9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tr-TR\mpuxagent.dll.muiMD5=FE8D22F1A5E40B9B74C7DB47C7C3CAFB,SHA256=45FDAD8C8F84182DA054E152C5F2CB132DB835BD9DD8816C19EFDFB070AEEB6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tr-TR\MpEvMsg.dll.muiMD5=72793569DA2104C377C013B7FF0DC4AA,SHA256=AAA4B1E8BDA6A3CDED4D7BDDB69277EE7D5596453EE4667DF0275AAED5ABC059,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sq.msgMD5=931A009F7E8A376972DE22AD5670EC88,SHA256=CB27007E138315B064576C17931280CFE6E6929EFC3DAFD7171713D204CFC3BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\tr-TR\MpAsDesc.dll.muiMD5=40287708A40088B80943086E910F6D2D,SHA256=80364521D699C22083CD4BABE754DD98D4897F22CBE2D658E1605A5558064BF6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sl.msgMD5=2566BDE28B17C526227634F1B4FC7047,SHA256=BD488C9D791ABEDF698B66B768E2BF24251FFEAF06F53FB3746CAB457710FF77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\th-TH\mpuxagent.dll.muiMD5=19FBFBC2D7C95B8580A4C38A5B4DBFA5,SHA256=447674122E4A5E67132BEDBE0E9FC383B04C3A8766A77FC7106758E3847D29E0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sk.msgMD5=B2EF88014D274C8001B36739F5F566CE,SHA256=043DECE6EA7C83956B3300B95F8A0E92BADAA8FC29D6C510706649D1D810679A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.283{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\th-TH\MpAsDesc.dll.muiMD5=7B0C4FD9826AD7EB0E9486581E8CA50A,SHA256=466DA97CB1ACE2FDB0640D14985F7D609BD200CFAC489145EAF12180C8140579,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\sh.msgMD5=C7BBD44BD3C30C6116A15C77B15F8E79,SHA256=00F119701C9F3EBA273701A6A731ADAFD7B8902F6BCCF34E61308984456E193A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.281{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\te-IN\mpuxagent.dll.muiMD5=B48495672B8C2953E207915CC937FE09,SHA256=AB35CB5076BE4D422C979227A2A53F28CF0BEE720F177AB0F5BEBB7A2D94B93E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.277{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ru_ua.msgMD5=E719F47462123A8E7DABADD2D362B4D8,SHA256=AE5D3DF23F019455F3EDFC3262AAC2B00098881F09B9A934C0D26C0AB896700C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ta-IN\mpuxagent.dll.muiMD5=5643685F146F6D3FE21A20D48ADB152F,SHA256=95A564843D4545EFFC97B6E82102D4DC68959400C2B791F64D3361031AD709A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ru.msgMD5=3A7181CE08259FF19D2C27CF8C6752B3,SHA256=C2A3A0BE5BC5A46A6A63C4DE34E317B402BAD40C22FB2936E1A4F53C1E2F625F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sv-SE\mpuxagent.dll.muiMD5=82C9C6174E08258BBE12FDAE6A21254D,SHA256=FD0D9CF27F78F3A14711959F2DF8CD2425DB148394A92EA5B93E46DD23B1CE37,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ro.msgMD5=0F5C8A7022DB1203442241ABEB5901FF,SHA256=D2E14BE188350D343927D5380EB5672039FE9A37E9A9957921B40E4619B36027,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sv-SE\MpEvMsg.dll.muiMD5=96FB7CA817E3C5DAFFEBDFEC7D84A518,SHA256=35AE2935EC38672E29A09E85FEDF04B6698D5A0EF6DB3935825417DB01D09501,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sv-SE\MpAsDesc.dll.muiMD5=F98760FC587DDD6A9F74ACC580D3EBD6,SHA256=2D61497309D01463A866DF853E2BE71EFC44EC7AE10D1D7C23EABFB39D4DF852,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\pt_br.msgMD5=4EE34960147173A12020A583340E92F8,SHA256=E383B20484EE90C00054D52DD5AF473B2AC9DC50C14D459A579EF5F44271D256,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\pt.msgMD5=D827F76D1ED6CB89839CAC2B56FD7252,SHA256=9F2BFFA3B4D8783B2CFB2CED9CC4319ACF06988F61829A1E5291D55B19854E88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Latn-RS\mpuxagent.dll.muiMD5=5915C3DC6D3404A660F0ED04D9D0CA09,SHA256=3AF72E307F61020CFB0B24378EEF5D8A546E8097A547F1399252883ABFE2D552,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\pl.msgMD5=31A9133E9DCA7751B4C3451D60CCFFA0,SHA256=C39595DDC0095EB4AE9E66DB02EE175B31AC3DA1F649EB88FA61B911F838F753,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.261{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Latn-RS\MpAsDesc.dll.muiMD5=172E4AEF12DFC1BBEB9725A42A0DA59F,SHA256=41BA0615BD5ECFDD5940C81D5D4CDD24FB2452237F164ADB7FC6FCE3AC2E0186,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nn.msgMD5=2266607EF358B632696C7164E61358B5,SHA256=5EE93A8C245722DEB64B68EFF50C081F24DA5DE43D999C006A10C484E1D3B4ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Cyrl-RS\mpuxagent.dll.muiMD5=DA0FB5E9E66DCB221D02970587884CBD,SHA256=16409B0BD47BC94250526CBF7EDF57F1AE6E163D7BC31E0FCB87C7E3350A5B1B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nl_be.msgMD5=B08E30850CA849068D06A99B4E216892,SHA256=9CD54EC24CBDBEC5E4FE543DDA8CA95390678D432D33201FA1C32B61F8FE225A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sr-Cyrl-BA\mpuxagent.dll.muiMD5=667AA5FF4EFEA149C26082BCBEC21B47,SHA256=42C9A56A116B48A5AB9D1249B0601D09EBA8D6830B870286E3C096422120C4F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sq-AL\mpuxagent.dll.muiMD5=B732F58E778DB9EDFBF0401DE3C711EC,SHA256=329D1D3BC2595E79D0FE6DA2702A29D374DCE86292EAB05AE10DF437603281F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nl.msgMD5=98820DFF7E1C8A9EAB8C74B0B25DEB5D,SHA256=49128B36B88E380188059C4B593C317382F32E29D1ADC18D58D14D142459A2BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sl-SI\mpuxagent.dll.muiMD5=3CD9903B2FE11BE4B57D6B1CE74AA1EF,SHA256=E289488BA8E975B6B3D1B6702A7AFDAE17ACFF00242C46552D1FE205C6C42E22,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\nb.msgMD5=D5509ABF5CBFB485C20A26FCC6B1783E,SHA256=BC401889DD934C49D10D99B471441BE2B536B1722739C7B0AB7DE7629680F602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sl-SI\MpAsDesc.dll.muiMD5=100089A25524739BC2285AE5DF1D5EC6,SHA256=63B78C5A175AB9022A40E361D8F0677D6DC272C62251987C3BB0100F064FD8DE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mt.msgMD5=CE7E67A03ED8C3297C6A5B634B55D144,SHA256=D115718818E3E3367847CE35BB5FF0361D08993D9749D438C918F8EB87AD8814,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sk-SK\mpuxagent.dll.muiMD5=92664A84B358EAD0F5513B00F403B8FA,SHA256=115E15FF95B7140A5A7FAEC9D87298EE7FDBE65A35BB87497FCCB6B5BF236D6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.245{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ms_my.msgMD5=8261689A45FB754158B10B044BDC4965,SHA256=D05948D75C06669ADDB9708BC5FB48E6B651D4E62EF1B327EF8A3F605FD5271C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\sk-SK\MpAsDesc.dll.muiMD5=D27C1603DDD3C0C0CBB820063A60196B,SHA256=0E89422405CB31189A3E65E2CBB2268015EEC9CF6EBDF8729A217284275B7705,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ms.msgMD5=441CC737D383D8213F64B62A5DBEEC3E,SHA256=831F611EE851A64BF1BA5F9A5441EC1D50722FA9F15B4227707FE1927F754DE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\ProtectionManagement.dll.muiMD5=50282BBFE6AE829BC1C71771E1BC077A,SHA256=E40346B619EBFD886FD2C765C2191FAE7B553579A1EFB39E295C87B039D56B94,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mr_in.msgMD5=899E845D33CAAFB6AD3B1F24B3F92843,SHA256=F75A29BB323DB4354B0C759CB1C8C5A4FFC376DFFD74274CA60A36994816A75C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\mpuxagent.dll.muiMD5=2E018CA3A3454FF784BB17F1145B4650,SHA256=72D1DA6C2467D00608C92B86429B7A2DB372C6713B88E4F8E61E0FC528005BAF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mr.msgMD5=791408BAE710B77A27AD664EC3325E1C,SHA256=EB2E2B7A41854AF68CEF5881CF1FBF4D38E70D2FAB2C3F3CE5901AA5CC56FC15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\MpEvMsg.dll.muiMD5=A20C3F56787D4A0917087441DACB0F12,SHA256=994707AE38DAB3F516367E93C8638E0CF70F3D239478A2A3982C88F1A4B5382C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\mk.msgMD5=CD589758D4F4B522781A10003D3E1791,SHA256=F384DD88523147CEF42AA871D323FC4CBEE338FF67CC5C95AEC7940C0E531AE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ru-RU\MpAsDesc.dll.muiMD5=E83EB650E2482B2C92FDB9F3AB4782A3,SHA256=EAB6A4702D4CD249C79E10302C150BBF39ABAF441F4915773F4D51A8D8FF947E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.230{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\lv.msgMD5=D5DEB8EFFE6298858F9D1B9FAD0EA525,SHA256=FD95B38A3BEBD59468BDC2890BAC59DF31C352E17F2E77C82471E1CA89469802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\lt.msgMD5=73F0A9C360A90CB75C6DA7EF87EF512F,SHA256=510D8EED3040B50AFAF6A3C85BC98847F1B4D5D8A685C5EC06ACC2491B890101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ro-RO\mpuxagent.dll.muiMD5=616C5338172CFE983083D1212627B08E,SHA256=27770C854FF89414B16FBF9B0BAC1080592395AC16FCCF910D666D9DC922621C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kw_gb.msgMD5=D325ADCF1F81F40D7B5D9754AE0542F3,SHA256=7A8A539C8B990AEFFEA06188B98DC437FD2A6E89FF66483EF334994E73FD0EC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ro-RO\MpAsDesc.dll.muiMD5=0328C191B135EECF4E15E3A5D4A4C7AA,SHA256=29B5510FF091C19C95B9A4A563FD6A51890D426092DD15CB0B2CE696F4404EF9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kw.msgMD5=413A264B40EEBEB28605481A3405D27D,SHA256=F49F4E1C7142BF7A82FC2B9FC075171AE45903FE69131478C15219D72BBAAD33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\quz-PE\mpuxagent.dll.muiMD5=3D89170ECBC32DB0B715C78DF9121B01,SHA256=9462D9A0A7A5EA80B399C81A9A654E4CFA358D4994E11BF792D8DB8BB2F0F8E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ko_kr.msgMD5=9C7E97A55A957AB1D1B5E988AA514724,SHA256=31A4B74F51C584354907251C55FE5CE894D2C9618156A1DC6F5A979BC350DB17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-PT\mpuxagent.dll.muiMD5=075B782FDC73901B58A099BA2A232A0C,SHA256=C14F4A251BF432DAD1E62850F1CEBBB7689E5E50A305FCD6FF396C82426D3D22,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kok_in.msgMD5=A3B27D44ED430AEC7DF2A47C19659CC4,SHA256=BEE07F14C7F4FC93B62AC318F89D2ED0DD6FF30D2BF21C2874654FF0292A6C4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-PT\MpEvMsg.dll.muiMD5=149D70DD838FCC2AC04DABE7FE40C1FF,SHA256=27CF38D40D339C4469FCDA6D1DBD92A09B5172538656CEC159D0C3D8DCBEA4F0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.214{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kok.msgMD5=E7938CB3AF53D42B4142CB104AB04B3B,SHA256=D236D5B27184B1E813E686D901418117F22D67024E6944018FC4B633DF9FF744,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-PT\MpAsDesc.dll.muiMD5=EDFF30151F7A3372D5224E831C2DB3EF,SHA256=9E94380040D20E1957B31D76004ECBC97939302C097D4FE30902825900FF1CE0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ko.msgMD5=A4C37AF81FC4AA6003226A95539546C1,SHA256=F6E2B0D116D2C9AC90DDA430B6892371D87A4ECFB6955318978ED6F6E9D546A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kl_gl.msgMD5=4B8E5B6EB7C27A02DBC0C766479B068D,SHA256=F99DA45138A8AEBFD92747FC28992F0C315C6C4AD97710EAF9427263BFFA139C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\ProtectionManagement.dll.muiMD5=FB61ED9BD05B8347B31F73D3B0F798FB,SHA256=7976AEC4E0DE7B10D5D038CC42B6412EF877D38CC255132BA388BED3B663D1A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\kl.msgMD5=AE55E001BBE3272CE13369C836139EF3,SHA256=1B00229DF5A979A040339BBC72D448F39968FEE5CC24F07241C9F6129A9B53DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\mpuxagent.dll.muiMD5=DE0424196B36FBFE0C64FD8F2B22685D,SHA256=499EF8CC5E505D5D69B7259B036D510310D834D44F9A5B52E3072471AF7F0A39,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\MpEvMsg.dll.muiMD5=AD8D6A506D4FE7E8DE0C0E9883CBA151,SHA256=29EAEC16675374C3DF48B054B3A15866811F3D265FB7258488B151336E50774A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ja.msgMD5=6CB38CA6889CFD116623E99E6B0869AA,SHA256=1FA391A6B22DDBA5FB0431DFE0507F0B0754140B424700F1675F72C279AB0A0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\it_ch.msgMD5=8666E24230AED4DC76DB93BE1EA07FF6,SHA256=2EE356FFA2491A5A60BDF7D7FEBFAC426824904738615A0C1D07AEF6BDA3B76F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pt-BR\MpAsDesc.dll.muiMD5=9497AC1A8B8DA9EB4149C0F8860C8A89,SHA256=76026F20BB91FC672C878D671A313AC10700B4081A57059FA67177AB95159146,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpWDOScan.cdxmlMD5=0DB7196D0224FBCE614AD6ACA63F8F17,SHA256=2D87A0FE031420903AE69DB3A30011DC659B489E2B11AA4129FED01ED3F0B00B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpThreatDetection.cdxmlMD5=7C91EEB90EFFB9A8D11DF34FA04FB359,SHA256=97DF56A7933A45143233D314EA947801BF0A475D55A9D852FB411FFD98CB4123,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpThreatCatalog.cdxmlMD5=125B977FF0EE6A36452A2B6FD5AE2316,SHA256=7856F35EB7FB72BBF8CAAAC05FD99CEE139F694209BCFBCA41AEB4C3B4CD2413,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\it.msgMD5=8E205D032206D794A681E2A994532FA6,SHA256=C7D84001855586A0BAB236A6A5878922D9C4A2EA1799BF18544869359750C0DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.178{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpThreat.cdxmlMD5=CF0F8A1D51777BDD9D08FEB023A2162A,SHA256=CFFD2BA2255685803B32ADE8D2D238A07AAEB8071EA04BCBB75CE0EF61FE9AE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\is.msgMD5=6695839F1C4D2A92552CB1647FD14DA5,SHA256=6767115FFF2DA05F49A28BAD78853FAC6FC716186B985474D6D30764E1727C40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpSignature.cdxmlMD5=A212A25B0FA39ACB5D3F02E1CC622730,SHA256=6A8DC2AA231D974A36E0EC86751139873226D6157232EDB63AFB2AEB110CD8F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\id_id.msgMD5=A285817AAABD5203706D5F2A34158C03,SHA256=DB81643BA1FD115E9D547943A889A56DFC0C81B63F21B1EDC1955C6884C1B2F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpScan.cdxmlMD5=7528936578CAEAEFE7B398C8EF4E0A47,SHA256=A51C86EFD506A132274C37E288B9B697BC865F14D6D6451DA7399C7B5F36751F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPreference.cdxmlMD5=710B025F9E1944FDB020F27389A2E8B3,SHA256=AA9021CFDC42493E2A759BAD0159001FFB12110FF83CD16021E57570E6402805,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\id.msgMD5=CE834C7E0C3170B733122FF8BF38C28D,SHA256=1F1B0F5DEDE0263BD81773A78E98AF551F36361ACCB315B618C8AE70A5FE781E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hu.msgMD5=0561E62941F6ED8965DFC4E2B424E028,SHA256=314F4180C05DE4A4860F65AF6460900FFF77F12C08EDD728F68CA0065126B9AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xmlMD5=C9734A297293CCE204D369DD392EDDC9,SHA256=CDF89F9602942969AE0493769EAC7DAA8022A1E8295D49403F1206615F92071A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hr.msgMD5=46FD3DF765F366C60B91FA0C4DE147DE,SHA256=9E14D8F7F54BE953983F198C8D59F38842C5F73419A5E81BE6460B3623E7307A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPerformanceRecording.wprpMD5=990729AD92C1325C42B04BC975ECBD57,SHA256=E796454FEE4CF17EFDC25DB5FEEF00A5D7C1B335E6C4B4FE996E8AD7CAB01BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.161{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpPerformanceRecording.psm1MD5=CBA32A98D0EC2D6CCCD3306BFF7AD3D2,SHA256=B77C1F9B9263345F34FE32EED15BD8E3925D378CAEF5D83FEB49275447BCCED6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hi_in.msgMD5=BC86C58492BCB8828489B871D2A727F0,SHA256=29C7CA358FFFCAF94753C7CC2F63B58386234B75552FA3272C2E36F253770C3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\MSFT_MpComputerStatus.cdxmlMD5=58DF8D38469AF7353B672A6F145994DC,SHA256=A63B944CF4FB3DB7F758F7E4D94126ABE99916127E451E0C139D71E94744084A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\hi.msgMD5=349823390798DF68270E4DB46C3CA863,SHA256=FAFE65DB09BDCB863742FDA8705BCD1C31B59E0DD8A3B347EA6DEC2596CEE0E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\Powershell\Defender.psd1MD5=9346D71D826DC7B6580C6206FD1A272E,SHA256=EE3344F2D9FE64E0593B1DCE5FC4743D4891DAA6528A0650C41ED0D3F455D48E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\he.msgMD5=FFD5D8007D78770EA0E7E5643F1BD20A,SHA256=D27ADAF74EBB18D6964882CF931260331B93AE4B283427F9A0DB147A83DE1D55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pl-PL\mpuxagent.dll.muiMD5=16DC11F458E24BD57C80E75E96B51784,SHA256=8812A720CBD2BB49D10256A062C1C61C7CF47259693ABC75FB7CD80BFEC5D76F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gv_gb.msgMD5=A65040748621B18B1F88072883891280,SHA256=823AF00F4E44613E929D32770EDB214132B6E210E872751624824DA5F0B78448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pl-PL\MpEvMsg.dll.muiMD5=61345DAE8DFE5AE0057C8B4A45C2833F,SHA256=593AD6B77223468408847298A5884E4BF96D47990838544CB4940FC13EFD8D35,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pl-PL\MpAsDesc.dll.muiMD5=6CAF1D4CE690539494F539B7905A02BD,SHA256=7285073BE903CC3E47014FA809D64DA01D338A8008FC61843A81DE4471B32217,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.145{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gv.msgMD5=3350E1228CF7157ECE68762F967F2F32,SHA256=75AA686FF901C9E66E51D36E8E78E5154B57EE9045784568F6A8798EA9689207,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\pa-IN\mpuxagent.dll.muiMD5=9771616F679CFDE87EE5FD215B2EFD9C,SHA256=341C70F942D6DEC043A831790AD82E75550C5CC1F338A93E089538E7EFC94228,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gl_es.msgMD5=3FCDF0FC39C8E34F6270A646A996F663,SHA256=BC2B0424CF27BEF67F309E2B6DFFEF4D39C46F15D91C15E83E070C7FD4E20C9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\or-IN\mpuxagent.dll.muiMD5=3F59C3905C0A227825F4EA3C3E55F091,SHA256=1FB59FD9995DC6CCD4AFEBADAC827E4A14C9325B80A8797E2085B148CB70A4BB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\gl.msgMD5=B940E67011DDBAD6192E9182C5F0CCC0,SHA256=C71A07169CDBE9962616D28F38C32D641DA277E53E67F8E3A69EB320C1E2B88C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nn-NO\mpuxagent.dll.muiMD5=9AD942027A59B35A699926D89B296612,SHA256=1B608279C259B704B85A162C875F1E11AE6019DA7AF62856E9C22F629B840BEC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ga_ie.msgMD5=04452D43DA05A94414973F45CDD12869,SHA256=2072E48C98B480DB5677188836485B4605D5A9D99870AC73B5BFE9DCC6DB46F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nl-NL\mpuxagent.dll.muiMD5=4B6F3EF552192457CC7AC7BA263EDD6A,SHA256=8CD88C0931DB658F1D35B8181E38232E44D976D6DF13C52A6D8C02FBCD567905,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\ga.msgMD5=88D5CB026EBC3605E8693D9A82C2D050,SHA256=057C75C1AD70653733DCE43EA5BF151500F39314E8B0236EE80F8D5DB623627F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nl-NL\MpEvMsg.dll.muiMD5=2000D01C73693AC55224A2B50B154615,SHA256=8405E0027C96F98DA781F1E4371574EAC844A6FB11B049E53E0CA6AE3C43C7B6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr_ch.msgMD5=8B27EFF0D45F536852E7A819500B7F93,SHA256=AB160BFDEB5C3ADF071E01C78312A81EE4223BBF5470AB880972BBF5965291F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.130{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nl-NL\MpAsDesc.dll.muiMD5=B919CA54AC5049ADC843E4FE829C9CD2,SHA256=34C8D6941EA69F1EF22D732D329CF5809236AB849CFF76A8435AB6B71CA931CA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr_ca.msgMD5=017D816D73DAB852546169F3EC2D16F2,SHA256=F16E212D5D1F6E83A9FC4E56874E4C7B8F1947EE882610A73199480319EFA529,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ne-NP\mpuxagent.dll.muiMD5=C4A6FDF1D995631B9C65FFC2AACFA873,SHA256=A8D371CE6D117AB8A9776D968D177AA03AFA2DEB101B77FF030ED8D8777CD8D3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr_be.msgMD5=483652B6A3D8010C3CDB6CAD0AD95E72,SHA256=980E703DFB1EEDE7DE48C958F6B501ED4251F69CB0FBCE0FCA85555F5ACF134A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nb-NO\mpuxagent.dll.muiMD5=304AD32107CE26C67BB900EF0EF3619F,SHA256=7ED4B1F7B4029AC1BD5BFF3A524D8505627DE82C29457732BB70ABBB31FAA23B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fr.msgMD5=B475F8E7D7065A67E73B1E5CDBF9EB1F,SHA256=7A87E418B6D8D14D8C11D63708B38D607D28F7DDBF39606C7D8FBA22BE7892CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nb-NO\MpEvMsg.dll.muiMD5=E6B1FCA46E8D96A5C21D319484A90D4C,SHA256=FF51570F95646D497BBC29C0984DD5230BB98548C1E0A9F671A9FD9979CE8DA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fo_fo.msgMD5=A76D09A4FA15A2C985CA6BDD22989D6A,SHA256=7145B57AC5C074BCA968580B337C04A71BBD6EFB93AFAF291C1361FD700DC791,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\nb-NO\MpAsDesc.dll.muiMD5=049D5EB3CA6C39F7C2B52FB92F833B12,SHA256=561723B736EA9FA81951FFE37CFBE370000581511C404CD5DB37BA281C0BFDA4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mt-MT\mpuxagent.dll.muiMD5=1909106149F61C1F8858F89AD26DE2A3,SHA256=F02B104DA41574ADCE8A1DD333B960E0F49014865E5A38C2F2C726D4BF37894E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fo.msgMD5=996B699F6821A055B826415446A11C8E,SHA256=F249DD1698ED1687E13654C04D08B829193027A2FECC24222EC854B59350466A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ms-MY\mpuxagent.dll.muiMD5=AD98F9AEB308A129EC66CC9D00D5F89C,SHA256=95D7B51CACDD3D3080E3641A846959092E2868CD5BE7A488FC8524E1A5D870BE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.114{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fi.msgMD5=34FE8E2D987FE534BD88291046F6820B,SHA256=BE0D2DCE08E6CD786BC3B07A1FB1ADC5B2CF12053C99EACDDAACDDB8802DFB9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mr-IN\mpuxagent.dll.muiMD5=194257A1024CC7E39D63397FE1032ECD,SHA256=9D3248100342AEB6BE4C4EB53BEEF7A2C4ED20E7013BC0B982299EBAA98891AE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fa_ir.msgMD5=044BAAA627AD3C3585D229865A678357,SHA256=CF492CBD73A6C230725225D70566B6E46D5730BD3F63879781DE4433965620BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ml-IN\mpuxagent.dll.muiMD5=7DB06185F5B8B88066388F4881076566,SHA256=E039735F816CCA4FD1D3B1D950D9393986967307FE04C6CFD9CC4FA50C6E2173,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fa_in.msgMD5=E6DBD1544A69BFC653865B723395E79C,SHA256=6360CE0F31EE593E311B275F3C1F1ED427E237F31010A4280EF2C58AA6F2633A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mk-MK\mpuxagent.dll.muiMD5=D254D68D9C9B3ADB6F299A2F8E995BB8,SHA256=2A79835205C8F5F628E88AA1E61F3545AE26EF87CF2FA004A42873952EC4D4E9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\fa.msgMD5=7E74DE42FBDA63663B58B2E58CF30549,SHA256=F9CA4819E8C8B044D7D68C97FC67E0F4CCD6245E30024161DAB24D0F7C3A9683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\mi-NZ\mpuxagent.dll.muiMD5=ED26BA8C0D72BCC36EDC88C45EE5FFC4,SHA256=8688A71A827466A4040DC4647D08AA769246F391F30705FF1CA257F4F78D575B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\eu_es.msgMD5=D20788793E6CC1CD07B3AFD2AA135CB6,SHA256=935164A2D2D14815906B438562889B31139519B3A8E8DB3D2AC152A77EC591DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lv-LV\mpuxagent.dll.muiMD5=CCB530458FCEE57E22B2EA4D6ED208EE,SHA256=E35D26C5075FC7DA7C0F8B60587E4F1283AF90A93A24552582211DC8DDDA1B01,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\eu.msgMD5=E27FEB15A6C300753506FC706955AC90,SHA256=7DCC4966A5C13A52B6D1DB62BE200B9B5A1DECBACCFCAF15045DD03A2C3E3FAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.099{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lv-LV\MpAsDesc.dll.muiMD5=6E39C969E7C1B3504247517C5BF75691,SHA256=E9A47A06F4609DF0FC502073DB628958F73C7E4C8DA5B93184443791D02B8704,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\et.msgMD5=3B4BEE5DD7441A63A31F89D6DFA059BA,SHA256=CCC2B4738DB16FAFB48BFC77C9E2F8BE17BC19E4140E48B61F3EF1CE7C9F3A8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lt-LT\mpuxagent.dll.muiMD5=9026148C819D5C847ACC68BC8E301ED1,SHA256=B7A3303B8AA2867DF57C5C7B5EBCC204A39165AEA0ADE83A73195E8B12FD3F49,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lt-LT\MpAsDesc.dll.muiMD5=27533FBBCE191C502F58AA744C09B849,SHA256=14C86B9251617ED03F1CBF6BAD494E10D8AE4A421955E922719838A9CDEB9842,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ve.msgMD5=F3A789CBC6B9DD4F5BA5182C421A9F78,SHA256=64F796C5E3E300448A1F309A0DA7D43548CC40511036FF3A3E0C917E32147D62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_uy.msgMD5=40250432AD0DC4FF168619719F91DBCA,SHA256=BA557A3C656275A0C870FB8466F2237850F5A7CF2D001919896725BB3D3EAA4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lo-LA\mpuxagent.dll.muiMD5=7CC56F36F54BFD32B24F8269CBC25712,SHA256=8C228ECEAB7F6475A48DF767F88F4F1DFD108937C2453FE2D67DA7C184A338B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_sv.msgMD5=6A013D20A3C983639EAF89B93AB2037C,SHA256=E3268C95E9B7D471F5FD2436C17318D5A796220BA39CEBEBCD39FBB0141A49CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\lb-LU\mpuxagent.dll.muiMD5=F550649C08F98B0AEA8E873D7522FF6E,SHA256=0D9E8A489A99DA0A85667A30782454F4393E9279400C368463FC421A73BBE50D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_py.msgMD5=D24FF8FAEE658DD516AC298B887D508A,SHA256=94FF64201C27AB04F362617DD56B7D85B223BCCA0735124196E7669270C591F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\kok-IN\mpuxagent.dll.muiMD5=DD8EB2310B7CFE70A1637B3554E0BA59,SHA256=4BB817A3216E25BCD96E8C6A1C9DB32B4B2F87696D6279E6BE0968921897EB42,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.083{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\ProtectionManagement.dll.muiMD5=BB70C5EB54F690DFCA728895F25B6601,SHA256=38F74BC285D27B860B2A7F8B7DD707876C89D188799AB57A8900857E84141BD5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.082{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_pr.msgMD5=AEB569C12A50B8C4A57C8034F666C1B3,SHA256=19563225CE7875696C6AA2C156E6438292DE436B58F8D7C23253E3132069F9A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_pe.msgMD5=74F014096C233B4D1D38A9DFB15B01BB,SHA256=CC826C93682EF19D29AB6304657E07802C70CF18B1E5EA99C3480DF6D2383983,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.080{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\mpuxagent.dll.muiMD5=2C5015292ECC9E51E4A7C5116F0D2F6D,SHA256=5B3AD7DF4494CDE19C3D80D0064C037F5882A60943165D31D6EB4BF66C3CF34D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\MpEvMsg.dll.muiMD5=EA80DE1104EA53A2893D83B1FF47612D,SHA256=B61E5C561E1902D170E87D61112E93D4038B6F6A8F3C8B11C063EDCA3E37368B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.077{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_pa.msgMD5=148626186A258E58851CC0A714B4CFD6,SHA256=6832DC5AB9F610883784CF702691FCF16850651BC1C6A77A0EFA81F43BC509AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ko-KR\MpAsDesc.dll.muiMD5=1D1D0208330A5E6FD3019FFEEBC2FFAA,SHA256=3464105CF6B8FD9FF7366A52350217341C53BD20B0B9BA8C833502FF81A244F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ni.msgMD5=2C4C45C450FEA6BA0421281F1CF55A2A,SHA256=4B28B46981BBB78CBD2B22060E2DD018C66FCFF1CEE52755425AD4900A90D6C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\kn-IN\mpuxagent.dll.muiMD5=172B8401C1C0B9248548370B531E9BD2,SHA256=8714403277C0B396A6A8854BA936CCFABA5841143E04C2735D67AD3B81516767,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_mx.msgMD5=F60290CF48AA4EDCA938E496F43135FD,SHA256=D0FAA9D7997D5696BFF92384144E0B9DFB2E4C38375817613F81A89C06EC6383,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_hn.msgMD5=AAE4A89F6AB01044D6BA3511CBE6FE66,SHA256=A2D25880C64309552AACED082DEED1EE006482A14CAB97DB524E9983EE84ACFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\km-KH\mpuxagent.dll.muiMD5=D7C1156285AC257A9461248BCB1FDCB7,SHA256=C9CD72ED2E024BF5A3651350DEA394F3DA16B1A6A674130E175B6AA248C53C3F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_gt.msgMD5=1E6062716A094CC3CE1F2C97853CD3CD,SHA256=1BC22AF98267D635E3F07615A264A716940A2B1FAA5CAA3AFF54D4C5A4A34370,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\kk-KZ\mpuxagent.dll.muiMD5=CBB0D632BD86C20FAC9B608931890A2D,SHA256=F4D674AE9B124693687AA9181F8AB96A993A7439486481F5FFE9859B10FF3947,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ec.msgMD5=CCB036C33BA7C8E488D37E754075C6CF,SHA256=2086EE8D7398D5E60E5C3048843B388437BD6F2507D2293CA218936E3BF61E59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ka-GE\mpuxagent.dll.muiMD5=5EA27B137DFF448CE6BD2879F3C66E91,SHA256=6EA4760836B21829EF37A42DD11D279755634397B45610F995072FF3C7372F79,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\ProtectionManagement.dll.muiMD5=C56197002C189E3EC7ABEAC4CFF3E183,SHA256=D13177865A421AB8CCB13B22BC5C880DC5852F24444F2F2B3E9942CB6CB002E7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.061{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_do.msgMD5=44F2EE567A3E9A021A3C16062CEAE220,SHA256=847C14C297DBE4D8517DEBAA8ED555F3DAEDF843D6BAD1F411598631A0BD3507,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\mpuxagent.dll.muiMD5=12B946F8340850633DC2DD6EE40F2A42,SHA256=ADB66E12F137843707DAE15EF8514215C3965D4F67FC4F6D378E2E9A2EA52995,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_cr.msgMD5=F08EF3582AF2F88B71C599FBEA38BFD9,SHA256=7AC5FC35BC422A5445603E0430236E62CCA3558787811DE22305F72D439EB4BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\MpEvMsg.dll.muiMD5=0B72C73DD7E9D396164D44860FEC4603,SHA256=6E489D30EF3956D7C55DE98EB4A292D67534AC168821338DBB71387DCED9BB51,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_co.msgMD5=FD946BE4D44995911E79135E5B7BD3BB,SHA256=1B4979874C3F025317DFCF0B06FC8CEE080A28FF3E8EFE1DE9E899F6D4F4D21E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ja-JP\MpAsDesc.dll.muiMD5=A84F9DD91E651D6378ED25EE410ABD73,SHA256=DAA5A39F5A41E8549354878BCA60D247B097D0726C642043BCCC8EA5E9958834,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_cl.msgMD5=B7E7BE63F24FC1D07F28C5F97637BA1C,SHA256=12AD1546EB391989105D80B41A87686D3B30626D0C42A73705F33B2D711950CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\ProtectionManagement.dll.muiMD5=AC686BE337F5CEA8D06B615FD6C4B9F7,SHA256=69F72D00445DCE6A4A9A2BD69627451C875BF864BF98F7AC554FB0E3737903A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_bo.msgMD5=4C2B2A6FBC6B514EA09AA9EF98834F17,SHA256=24B58DE38CD4CB2ABD08D1EDA6C9454FFDE7ED1A33367B457D7702434A0A55EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es_ar.msgMD5=C806EF01079E6B6B7EAE5D717DA2AAB3,SHA256=AF530ACD69676678C95B803A29A44642ED2D2F2D077CF0F47B53FF24BAC03B2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\mpuxagent.dll.muiMD5=F81A22F6704F1980685E1B6B968B1416,SHA256=7BE6AA910FF4FD157FC6B9E52B7F7AE412ABD8312195E4CA3AE30DD30BBC7230,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\MpEvMsg.dll.muiMD5=9621E72BDE052AF87248869D95F740F1,SHA256=24DEDBBE081A2D26F80A28F889341BC9CB6B69F7AAB007690F1D401E10C03455,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.046{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\es.msgMD5=022CBA4FF73CF18D63D1B0C11D058B5D,SHA256=FFF2F08A5BE202C81E469E16D4DE1F8A0C1CFE556CDA063DA071279F29314837,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\it-IT\MpAsDesc.dll.muiMD5=999B7D50B0D5054A248145C57DE8FE53,SHA256=16A49CDEE6DD11357E6857C2889B32F66E5E2B76C349BBA38F202D0CA2439866,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\eo.msgMD5=FE2F92E5C0AB19CDC7119E70187479F6,SHA256=50DF3E0E669502ED08DD778D0AFEDF0F71993BE388B0FCAA1065D1C91BD22D83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\is-IS\mpuxagent.dll.muiMD5=E588A8FAABD5714585A6327BDE8A5620,SHA256=354ABCEDCAC302A6739CE0B34F2D370B64DEDB8446A7A8DCD9EBF83BFBCE8B46,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_zw.msgMD5=D8878533B11C21445CAEFA324C638C7E,SHA256=91088BBBF58A704185DEC13DBD421296BBD271A1AEBBCB3EF85A99CECD848FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\id-ID\mpuxagent.dll.muiMD5=8EFD7C5E912ACA7F0DFA73B4E49835A2,SHA256=4ECB23CFC70FBFE8395D36A3F952C635AEA5E0C066AE7BEE0DA3E467D7B52BE0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_za.msgMD5=F285A8BA3216DA69B764991124F2F75A,SHA256=98CE9CA4BB590BA5F922D6A196E5381E19C64E7682CDBEF914F2DCE6745A7332,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.030{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\id-ID\MpAsDesc.dll.muiMD5=130873D2E19F8E4FECB3406E5B203E8B,SHA256=AD811C6D80C3BA2DF1D574F23DAC24A42DAB1C8DBD142CACA7DDE6293FBA1DAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hu-HU\mpuxagent.dll.muiMD5=0840EB14DB0A5B63509B244A7C09EBC1,SHA256=528EED32F6FE145DCABD4E5EDD619F2736F2AE9721DF9699EBC96DDA61793C03,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_sg.msgMD5=3045036D8F0663E26796E4E8AFF144E2,SHA256=B8D354519BD4EB1004EB7B25F4E23FD3EE7F533A5F491A46D19FD520ED34C930,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hu-HU\MpEvMsg.dll.muiMD5=19B9FC01053994043BA62B9184DA6744,SHA256=D88AE56F4016ED3CEC159A725474199CCB6775B4DA012F2CAAFFA6BA34D2BA3B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:32.014{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_ph.msgMD5=787C83099B6E4E80AC81DD63BA519CBE,SHA256=BE107F5FAE1E303EA766075C52EF2146EF149EDA37662776E18E93685B176CDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.999{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\hu-HU\MpAsDesc.dll.muiMD5=DF44AE65B816A9BD69F1DC16406FB958,SHA256=BE965A8FEA6A87CE70D33EB4273CB729E93BC968E3DDC054C2B05BE1E1B980ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_nz.msgMD5=DB734349F7A1A83E1CB18814DB6572E8,SHA256=812DB204E4CB8266207A4E948FBA3DD1EFE4D071BBB793F9743A4320A1CEEBE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:31.999{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\lib\tcl8.6\msgs\en_in.msgMD5=1423A9CF5507A198580D84660D829133,SHA256=71E5367FE839AFC4338C50D450F111728E097538ECACCC1B17B10238001B0BB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031803Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:32.767{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=373F2BE66E09D2BF95073812E19A8DE5,SHA256=FC67D2BDE4EF4EA45FA80BF650FE177EF82DC21DA87B29CD7AF6AB0678F116BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.984{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\maintain-git.htmlMD5=D24C8037D20CD0513C05B3C57CB121B8,SHA256=F16276C8DADF20066FF526A6DA876E7FE8FC18684EAEC84FD7A1FCF2EC0C39A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.984{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nb-NO\MpEvMsg.dll.muiMD5=5FDCF259858872EE1ABE3281898C379C,SHA256=10EE08B3A7635F66D34DFA65B33919C8481D16960332AD3F5EF6E52C8F465C88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.984{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nb-NO\MpAsDesc.dll.muiMD5=CFB0B5A63855D0AEDA094C8F708446AB,SHA256=0FC17F8F1842DE2DD527C354F21D8F56E91EC2B8D6B45C9D8645EE7E5F1F2F05,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.983{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\keep-canonical-history-correct.htmlMD5=ED7D54E4B067CCAE0CBAE4C0A58BC544,SHA256=1750717230D2BC51CC3DF427B8C275F3B60A217671C89E8670742274CAA1A11D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mt-MT\mpuxagent.dll.muiMD5=C7463FD36BFEA4AD8A7B447C83387975,SHA256=C1BFEEC975FE032AF6FBB26A951D0F3D5F997D8EBA83253BEDA348F19489CD6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\coordinate-embargoed-releases.htmlMD5=3D6A1B59C199C61FC8CA43D477212B8F,SHA256=90D5670E4550170241834808B618C15FF341DB954898DD582425224B6F4FED07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ms-MY\mpuxagent.dll.muiMD5=9F7CDA909D065F05CD51520A132F29CA,SHA256=71D891BDC00C8BCB61DD210140F07C11AD335B2054CBD3477D34E891D1C16864,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mr-IN\mpuxagent.dll.muiMD5=616672ADAD44978A93DD29C3AFF3A3FB,SHA256=9119954D8CF59229485AFD1C84FF59B9A43F2CD5BA2DB7315A926C9BEAB69B71,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitworkflows.htmlMD5=68B55F57BFB95F5F5968DCB23DCBDBAB,SHA256=E59BB997EC7C07DDC2017486FA09C41DC3BBD3E7B5C7F00CB6803E03AC82469B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ml-IN\mpuxagent.dll.muiMD5=CE67EB83066266D989BD40B93DB1E5E1,SHA256=AAC779E6F9C48C398433467AB471CF8184AA48934259A6E010239236CB11E208,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitweb.htmlMD5=C61983A318D44A8383648994584DC4E8,SHA256=57EDE3258F7E1570328C2AC335226BB6E924AC51865263857363A84442A45283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.963{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mk-MK\mpuxagent.dll.muiMD5=15FF598CC5BD7B431D7D132862F55EF3,SHA256=766A403F969F503EF7F9D6E82AE3561EB335A536912F494ACF95FC4EA4A0FEC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\mi-NZ\mpuxagent.dll.muiMD5=3788E807D6F10C0001F53139D9DABC19,SHA256=4AB897CD15C2D31C9661718388DB713C856DCE8D44C362668D7890BC134BE52F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitweb.conf.htmlMD5=C67114CA3CB5F5473926D3761EF5E8C7,SHA256=011D2641ECA7E6C9FE9FF38103FB7F07D395A48F796E07EAD29E153A9C702251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lv-LV\mpuxagent.dll.muiMD5=617B7682629B4CC3CCD20461FAC82FE4,SHA256=D75934FAC5D74B3C33FCC1000082572E3B952F11535A228634DC2396096769E9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lv-LV\MpAsDesc.dll.muiMD5=31CB57ECAD792B98A297EB11E9A7C9E9,SHA256=C2034D6E7B108624A9B54ECDB46F551D6D7D42B7E8AAE15B76DD374631453EB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lt-LT\mpuxagent.dll.muiMD5=FFAB10FABD8E0B751EC3A27114B0D312,SHA256=55E7F6B79E67B57760AA30B6B961B2B24008F6B1B5511DAD69495DE0025938AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gittutorial.htmlMD5=1899E0A482CC12B941529EC39A2F27C0,SHA256=491C16026C3801FE418347A45F42BBE6147ACC00D55B67A17744EC7B5FDBDA53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lt-LT\MpAsDesc.dll.muiMD5=D29C9AA95B1DA0F81053D22201A13917,SHA256=2EBD95BA55213CF43024FDE78CDE6984204782A598A658B39A704BC4DFF0D852,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gittutorial-2.htmlMD5=667DD7EEE3EFC9CBA9623AB1ADD49F82,SHA256=EA4DA0CE38C926CABD1393B5867EE0D11C57F4D0A39A8DCD14AF3B26D5275D5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lo-LA\mpuxagent.dll.muiMD5=B16EA2ED909DABA1F1DE6AAF72CA1029,SHA256=75D899538C2D4DC4A8939677007D0E4E5CB895C18283B820652027E81D2FE6A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitsubmodules.htmlMD5=FEFB2A61089C782F59A2FEF621CAB4AB,SHA256=FACE1C6E3F37D33436254517C6CB523FAAACBC94F8CFFCF4EA7447EAFDF18D1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\lb-LU\mpuxagent.dll.muiMD5=540D69728262B6D0EA573760766F3D74,SHA256=73A8E841A41261F687F977A9267D2AED22FB213AC18A979986388521F2E27889,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\kok-IN\mpuxagent.dll.muiMD5=67CEC24F2A913B13EFFD516CC1C268B2,SHA256=DF5E390CB29986F9DE5DAB9A07C98B7E8900A7BEA18328789129BB7828B1D65F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitrevisions.htmlMD5=5460477695142892ECF267180FA073BA,SHA256=0F832B0B0B24F4EBD6516E9C0B8AD78727301EACB54BE08C053D86286A671326,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\ProtectionManagement.dll.muiMD5=6D0C780B43FE275E596379E82DCB8E92,SHA256=C59BAC91B6FFB0720CC2B870432C7664D1BED3FD87924CE69AB2F6B45944E167,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\mpuxagent.dll.muiMD5=5E8643FA3B8DE677F6D8067080E997CB,SHA256=5B27A6B036C169C7E7C1958258E9703220E627B5771AC7A9AD8CD82D739CC5FF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitrepository-layout.htmlMD5=1D72463F4D56237E3274608D46CCC736,SHA256=5C8E1C56281057BB4EE10F1C7BB85BA686A7559B725F7198594BCF24FA714656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\MpEvMsg.dll.muiMD5=1327C65ED55EFF9B36558DEB38835CC7,SHA256=F18F5CD68AC4D136823E022122DB655F5B039B27932E72E8CAD58598F72A96DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ko-KR\MpAsDesc.dll.muiMD5=827B4902FDBC58E3D3F8B792DE127DED,SHA256=9F4DDE454C2A250E23B3DA294BCC60BB3440173F1615925976C211930A1C498B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitremote-helpers.htmlMD5=B00D6AC0CAD7DD8BD6D90F65E2114471,SHA256=D8ECF3DE835BAAE04AEA9FB9D6FD19C1D29C3A0A8660445F5AC17C8078E14270,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitnamespaces.htmlMD5=1C174F3D68493A9BE3DADC873254C1B9,SHA256=EBE5230E10D57B9D0CC980EF18A5ED210E34889B87631D74BB7F3986BE9CC397,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\kn-IN\mpuxagent.dll.muiMD5=86B822CE9BC38CE46BBE27A5384DC80D,SHA256=875F3EA93784906E27D4DFBF3FE36E02EC884B69B583167B5F67FF2D49BDC583,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\km-KH\mpuxagent.dll.muiMD5=6B2E423EBF42BDB0AF71FE06E17B67CF,SHA256=8AE1A88C2A45733355C43200EC6B9C0548ED092E9AA8CCAD59ACFECCA8B3DF6A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitmodules.htmlMD5=5BF2E2E9D8EDC7A3BB73003DACA18ABB,SHA256=DFD85B8B85CD8C8D05A08EACFF97DDF69CF3D8E455C0975946A3F892698AAD04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\kk-KZ\mpuxagent.dll.muiMD5=D92C5011F324331B87199AAB960055A1,SHA256=60A4EB86C6EBB9F6B1935F03BE9A68B0509D5352BC8987110ED2F01B85EF9BC4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitmailmap.htmlMD5=65FB3F042AEE17712DE19B4CD8FB5FFC,SHA256=55F3CD481A2C4442DB53D4872DF92A4CE331C213E51EF64A422612A768A26F69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ka-GE\mpuxagent.dll.muiMD5=E61CDBC7A03903C1FB46DBF483120534,SHA256=6DB928110D1182A49A69DFFE9BD1C4DBD2FD41ECA7F3BA631B4B02CA63B8DC20,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\ProtectionManagement.dll.muiMD5=4BA4863398F9D3A14341A90340ADD837,SHA256=0911119BDE414FCA215CC8C941C1A3C64A8CBCC4447E84AEA5A33A52AABFC7E5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitk.htmlMD5=2A428BEC5B86FDD58C7763A190B9E718,SHA256=ECBAA490BF7345D621FE09FDF49BA44DBCED24DFCA86590563DDD415B30D2A78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\mpuxagent.dll.muiMD5=2F8D87418BE89AEC3E480603241645A0,SHA256=E5F3B15FDD277DE34F31C54399B3733C09948425E58F17FDFBCFFA3EEC1B753F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\MpEvMsg.dll.muiMD5=D6FBB0AA6A8533D567AC5721572F5572,SHA256=B0B5F85E29C125667B21DE6F9A64F34EC0463A21DEB2EAD2E9E5CE0D647129C7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitignore.htmlMD5=6A1E9792A696310E3D5D939D3AF58D4B,SHA256=B9B04EC80C121E12CAF1BB02E3A6E1CF45944B50448873B7DE38E857BD176EF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.884{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ja-JP\MpAsDesc.dll.muiMD5=428AD8639C3AD8F407B956A34F1639CA,SHA256=3038D8355D5427CB12B3991EA9CB4B4239F47476128D9D218EB460256FE170F1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.881{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\githooks.htmlMD5=CE9486C856805ACF653F002E13CA4448,SHA256=B3993F9788FD7765E2261E3C499953D9FA8F920DC8DACED8BAB5BB22FC7CEC2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\ProtectionManagement.dll.muiMD5=777476D36AE3DCD67F0B513A78BABD78,SHA256=C8092FD81326BFEDE9BF52D35241885511D47EAC373731EA93FC0BFE07F01479,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\mpuxagent.dll.muiMD5=7C4B6C01EA2973D7EBA9DC5329762A05,SHA256=F2F6B07B04669E8647233C23D1CBB8BC1C9BFFC17A4EF2D232E4047B6BEDBC69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitglossary.htmlMD5=DBFF10DFF61E6167EA18ADE6724B05A8,SHA256=B096ED479204847D6A856FC275A1E10B3ABBA1B84D2F63AC4F3AC27B822BB068,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\MpEvMsg.dll.muiMD5=5A3B2FC4401F36C9AD86C35EAB74758F,SHA256=6CAAE2C575EABF5EE1575A772AD8354A95BA844EA8FF7A8E5ADBD60B86707945,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\it-IT\MpAsDesc.dll.muiMD5=A19BB14BFAEDE6B935A682C9413D2801,SHA256=C7D91D653BAEA634320A32C8E8F026E80A901909D4CBBC892E06BDF13984C229,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitfaq.htmlMD5=D264A2716B7479F8F6EED438D9B8D1A4,SHA256=369CD1ACEB6E516FD9177D1A1636C0B04498190E4A73EA1CE3A52B9C53117EB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\is-IS\mpuxagent.dll.muiMD5=6BD7423276AD46B3CDEF38BA5720008D,SHA256=890F7612900356F92608206602D2286E9DA0D3E6E32F3A5811A4AA0465C542D3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\id-ID\mpuxagent.dll.muiMD5=14DD9F68BB3CF706E82E604D92BC9667,SHA256=9D40D6072C054EF189642585E98CE6C0762C13B49C79F8A028B079EA8BDB987B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\giteveryday.htmlMD5=DA184D6206297720996988BB62A32B23,SHA256=DC98FE4A816B173B629A501F9B76D529491BA47E96CD048B46F0433FB2EDE464,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\id-ID\MpAsDesc.dll.muiMD5=9A55FE7C8FB7BCEEA0D68356C0FBEB22,SHA256=D68C14FDAD363BEACE5FC239E01AFA3EC94272F76149E30F8638A17409D52C6B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitdiffcore.htmlMD5=1C578CCABBD01E1570ED9D0710720965,SHA256=C42FEA55937C713C8363A2EE89DBA78BFA6337AA22369818BFF422721029E74A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hu-HU\mpuxagent.dll.muiMD5=B8A1D06A635EC9117D631296893DBA4E,SHA256=F4D6AFE2C2700E08D0D2E87351C2AC40D098E7DE422E44F4F284F44A2684022D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hu-HU\MpEvMsg.dll.muiMD5=41CFE9742D1BCC8F83CF7BA42C53CA75,SHA256=90CD22C43F9FD84E9ACDA40960BAB35E5625677F6D6A1050BA3BE5D69A4D2CA3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcvs-migration.htmlMD5=D43DBCCCBEE5D0E922C52EC047F5E34D,SHA256=8991352AF09072F55E9D744CC7908E716E661F735CF8F8CDCEBE3596C30C84AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hu-HU\MpAsDesc.dll.muiMD5=B8A9D8E07AB91A42DE78285BDD389DF5,SHA256=326B29389525D0DC4A3F4ADDE98C743F007A4CC6F1ADE965E172232BCA505BEE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcredentials.htmlMD5=CB1EA5C1ECA11BA28BF3B80FDF951EBE,SHA256=BBBB2D001E506195A93AC6D4C30CA300739E23E80363C67B6A67B83FA7F9C2D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hr-HR\mpuxagent.dll.muiMD5=AF0CAA0BA9C0C68A0B0063736131F7A1,SHA256=359874993CF50CFB8693C79F45CD3EC300380B6B858CC4173A230351743CF36F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcore-tutorial.htmlMD5=AA5DFB39FC015F8859B2FCC0698A3DB7,SHA256=ECA63B3FC77841A360C5543B06AFF6BE1BD880256EE0C284FB1BA9F9F34E27AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hr-HR\MpAsDesc.dll.muiMD5=C73205CB1B0F4E1ECC0B152C6931DCD0,SHA256=8EC17FAAE3557271D819AB68FEFD7DF311BCCD499D143EFC09EDB91E4451F3F0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\hi-IN\mpuxagent.dll.muiMD5=DC1D0F133428B22F059B464C82DB1DE8,SHA256=128C0ED323C6E77FC35B6DAB82E39EE697E272585763FC229A8701D482C37B9D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitcli.htmlMD5=FA7E2DEBB661FFAF1D40BC6A3B590642,SHA256=F5FC99A715622AE641C7A18CF135B9608E0E67A079C3EC7E0881525BEEF8FB40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\he-IL\mpuxagent.dll.muiMD5=D36B54F154747671C36BEC17F54A3B2F,SHA256=4A86ABB4E911B6B64F96C4AEB240AA3D3DB308A3A05622FD539E077414EEE59B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\gitattributes.htmlMD5=F222DC0A0BA3BC8DD77755853B818CDC,SHA256=DBA9092D39DA5D2B0A3E8217B2BD857DCBCD9DF9A19FAC86CBDBAE0DA50A7135,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\he-IL\MpAsDesc.dll.muiMD5=7E436CF108E953CCA2D0F3237986A444,SHA256=026B28B226DE4257A845144732FCAB15D68AA07E2F4687400871039202B712D2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git.htmlMD5=317C8AD5238572E74F4987B89348DFFE,SHA256=C911936FAA08B716AC42C19937E071CD1F2139A05E93673E67200883951F4569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\gu-IN\mpuxagent.dll.muiMD5=78205A28B81F1FC7FD3DB33296114361,SHA256=857A85F9EE60452CB967E748B3637F866903596F6410B1EAF48031C6807203A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\gl-ES\mpuxagent.dll.muiMD5=FB4D8003094A4CE9DA7EC5464D99889D,SHA256=6343CC909DFFA4725FE8751A3056BDA0873A69912A34E4201217F0AE87A3DF43,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\gd-GB\mpuxagent.dll.muiMD5=5235873103D602D5D323B1EDA1997C65,SHA256=AEC8097CB4A2E91866C7F92AC8892AC14421FE25B1A42376634392CB3D9F124E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ga-IE\mpuxagent.dll.muiMD5=D6F9F55398473AD2E87C213B5EFF0BA2,SHA256=1724C7152D25A63C0286C64D196EFCC605D8A038D99E1E38F072FF255FC29EF2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\ProtectionManagement.dll.muiMD5=3FD1F273261457EE40195711DA3ABD7F,SHA256=7D46CF096A43AD39D3301097A70151DBF1FB82D4F1118D0CF48EC06469E7D51C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-write-tree.htmlMD5=9089613E93F5D889737053B07951BEA1,SHA256=609EF79F195E9CF08FDD791471E358D2E2FC813619E98E6FBFC724BAEBBB0A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\mpuxagent.dll.muiMD5=3835EB2D1B94579B2BD9AA5358C5F66A,SHA256=AC82BC31108864BC48BAD4F05423F4D38A79BD51CFFEE02D0FFBDE7FA2CD8ED6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-worktree.htmlMD5=BB55148DA4BE019215A6861869E06F6E,SHA256=65E54D6C992265FEE8FDD0749770D5445178095E026E37AB18ED77542E3E4C07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\MpEvMsg.dll.muiMD5=B8B47071503A90228F91DE6CBB02E43B,SHA256=F0BE5FDED7115202E8745561C80AA3617FA6A953B97F6686EA1AFD6172294892,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-FR\MpAsDesc.dll.muiMD5=444EE6AD9F2968664663FD20594B936B,SHA256=425C83136B811898CC72649E44B3B87ED7E56F18B4C4B9CE9206BD6D387344D8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.784{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-whatchanged.htmlMD5=BB859987DA36F9754DA8D01FCA7AC139,SHA256=4149C6ECDFA9FDA069AF23AA962BA4209E646254E5B2070A02F2FDF6733E888F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-CA\mpuxagent.dll.muiMD5=79FB0CE377B0A6982BBED4091753C195,SHA256=1827CA3C0AFC83B9A25C3D11EC795FD94A78689413076B8524DC73E4AD77FE8A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fr-CA\MpAsDesc.dll.muiMD5=ADB249A84DD01D20450BC41C93FE0C62,SHA256=F7FAE4DEDD9CD06548F257860F24B1AE27581D8854CAD5CD670079AA7B757E93,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-web--browse.htmlMD5=72A50189E070639C9BFEF28E8AF18AF7,SHA256=D9496677D11AC69466BA510B5373E6728EBA0CBE407DDCDA45BA9C4B38952251,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-version.htmlMD5=3DCE6E4633FFCF674C3352AF08105DE4,SHA256=DABF2062B6E112B648118A13958801B65BA57ADB37D524ECF394C28CAB52BB59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.763{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fil-PH\mpuxagent.dll.muiMD5=26E79D3B4EC619A27CEF7BD83D4EE65E,SHA256=3E4EA9685922E3C0C5D23FAE7C6903286D914154B4C3FB24A936B959021A9DCC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fi-FI\mpuxagent.dll.muiMD5=8224DF9E2C464A75A9D16F883CBFD145,SHA256=71DA1F1BB23F20739DC3123D1DA0894F78AB34B47594A35B8B16CFD5C09A1407,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-verify-tag.htmlMD5=308B2A26F84E5810F10324F67E9889AC,SHA256=F576EA626459EA1646C06A72CDA96FD8CCCFFF3D88BB1016C0B8F537EE74F2A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fi-FI\MpEvMsg.dll.muiMD5=18595D849EC73B7ED715E56A195EF1D2,SHA256=3FD4F514FDC757F689271E89A8829B6AC9EBC3B438CB25D7E55657EA6262C8D0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-verify-pack.htmlMD5=AD499411B6D28950C401B0A894F81A01,SHA256=4C3CB273FDA3D6DA0F6AF14A5A66531784CAB3BF57848676261F52191FEAE8BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fi-FI\MpAsDesc.dll.muiMD5=37F8EA3627D07550F16635C31195CD13,SHA256=CFB7B894942678A326BB8C431189F59FF11936FD8702221400AF944A9664560D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-verify-commit.htmlMD5=8468C84E55329F9570D6316991030209,SHA256=B13E8FE72464F755673779C61F4EB52B1156FA83F7272B5C1860753D5D2BC40F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\fa-IR\mpuxagent.dll.muiMD5=A1ECBE1B9DFC59FB9F27FA3BA6147EBE,SHA256=1C05760A1DE05EA9EE65F0E201439A046A6CF99EF99D1BA5B4FF674E8EAA62E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-var.htmlMD5=9DFF43A6D53F7B4111009F7E29A7EAA6,SHA256=C975C555DD7447C1BB65E0C9E9EA8CB1DC76F8BA26EB447C93B43D50A7B7451B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\eu-ES\mpuxagent.dll.muiMD5=CC64309DFCB215ECD4DA00A93928A042,SHA256=D944744DB37364D3416FA075D0FBD00A35F8DD40FEB5C14799DCEE717FC38FAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\et-EE\mpuxagent.dll.muiMD5=0E8EAB1D61EE07D242F1993030D2AE6D,SHA256=F3EE598C985D4DF84E7B910CC4E9682223E974CF8A33686ED6647A1A0D1F32AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-upload-pack.htmlMD5=A13503C890E8F40B07BBBBCC68247481,SHA256=51FF3543D6E39DF784E6F20E58FC69A48224E19838969572BEE266711437BB01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\et-EE\MpAsDesc.dll.muiMD5=E64432BDE02CCD3C6B3CE7A1CD29DA27,SHA256=93D29CBFE7081F82324492FA46D2B83546244F39ECF99C1F1787883178139BBF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-MX\mpuxagent.dll.muiMD5=39E7324A415DD307F332D5EF4EFAE9A0,SHA256=DF7FB4E16EC395F8656CD2BAACB24DDC34A94339F59361DCE724B2DD09E79582,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-upload-archive.htmlMD5=B1CB650379A3ECF6C5619EE8FD77B250,SHA256=43EE5A232C4EF8F928829C72D9059A7EC24992391A4BEBCEB955545F6C400AF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-MX\MpAsDesc.dll.muiMD5=D62AE379CCC6AB86CA07F9AA8AF67EAA,SHA256=FD0442F13A8301FD17088CEEA425CAA9DDE2141107D901D2FE76763C77C9383B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-update-server-info.htmlMD5=B35D998EDFF28CEA6572F78A21F1F721,SHA256=77158FF485606BC883E8E77BE202EA961ABCDC17AAE6D2D29CCE63219E6251C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\ProtectionManagement.dll.muiMD5=D76DC5133FA900C28A449DAB4816B24C,SHA256=5F09FB7745292A7BF34800218D9C53BC1F0F5800ACD4BE1C38D9EABE1774A24A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-update-ref.htmlMD5=27E3FA58BD03819E77CF809F8D370D84,SHA256=1BBE9549F2890B21649C62B784A433B2703A071C4C69C63005F3EBC1D6886D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\mpuxagent.dll.muiMD5=D86B67572A9CEBFE108F14D07DD0D334,SHA256=68B5F5A11C980C6E9652641935A7C148B54F9E16842E58C286C1062EF8515B9C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-update-index.htmlMD5=9D30077CFE0E6A7DE47A9B183EB97FEE,SHA256=E98CA6502BCBD66CF56665BED9A67AB802B1A2531397BCAFC0D94A8FABCD4001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\MpEvMsg.dll.muiMD5=FE37D2D4E452B272650937BAFBF764F9,SHA256=4C64CD3ED413623AB77A59B73ABAA1967A0702BC106F0B8382CA2254A6334325,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-unpack-objects.htmlMD5=947ED743F391D929AFD97D1CF17DCD97,SHA256=29D87693724246786BE55B929DECCD07C3668612E4F98B19A602C921844EE5B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.702{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\es-ES\MpAsDesc.dll.muiMD5=8296FD160C769C86DE46BD9AEF62D942,SHA256=02FECD06A553F8E40BA138FEDD8F8C3049BA6D50898156941CED8574E27A76A3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\ProtectionManagement.dll.muiMD5=7D2B3FFF57D9D57273D3224BFFC9342F,SHA256=0DCE81DFFF29F46A1BD42B30CB9D7F8819DE598401EDAC156D27020AEF433965,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-unpack-file.htmlMD5=DEA11D7388C8CBCAAC5999254DE83F8A,SHA256=DB330A2CAFDA9F71846C850D9A77948810B7036C1EC0C885450E5BEB0937689F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\mpuxagent.dll.muiMD5=571E7AE814D5201148573B00AB991580,SHA256=4B78F3AF4CC5135D0D75B5452F32B5C853E2C1892CF68F0518EEB6DEA8577335,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\MpEvMsg.dll.muiMD5=C138D75DCCA451DF4FB131DC350E3BD5,SHA256=0B075E3BEE07D8A595F9AFFF9359B0C0C5D1324F7D3ADD1E706823135BDCC5F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.684{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-tools.htmlMD5=6D2E93732F08329C91BA050667EA9937,SHA256=2D4CA440CAAD46A1FF28CB86C1DA73846C291C755DC51788BC5134EAB3252DF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-US\MpAsDesc.dll.muiMD5=ADBE721E9D27B348D982E8033CD2BAFE,SHA256=7DA1C35364A12248B551CA88FFA3DFDFC7384BA17F99FE244E92C6D03B9E4198,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.678{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-tag.htmlMD5=DD20198E793BB1004DEFF34F205C0230,SHA256=AA4A15A4B6B0E4A1E69E779F30C8821E390F537A68A277F69EBCC81D736ABA2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-GB\mpuxagent.dll.muiMD5=1B9465A4455DE69F5931C50680CF4E9C,SHA256=DFA5936CF84A776A0D71793B41ADCE04642539B40DDC8E14803FE30ED164DA2F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-symbolic-ref.htmlMD5=8BDE8E0F84AB31707C44B8FD28374D20,SHA256=FCF7A1CADCF5F3FF95DE504ABE964A87B887DBB1BF52D857531E81A0BDCB9AB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\en-GB\MpAsDesc.dll.muiMD5=91DF6161B15135CE8196BA483D060981,SHA256=B803C9E1F0E2DBB86354C448796413C3E8C5070040A51E5958B6C7CA7AC7AB3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.661{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-switch.htmlMD5=F40BF2A3B456EDA0545FC1358C30AE90,SHA256=CC45B5652165C42D1010B591B2CACACFE607F8A254D06B77330AFB161D49D412,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.645{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\el-GR\mpuxagent.dll.muiMD5=2CD4344849D0BCF505ADE332C36F3785,SHA256=2EAAFEE79D53B76B660E9D3FBB234255850A7542B421F190C0A3DE4C92C7B5A0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-svn.htmlMD5=5B6415B19F3C704750A53A72991FB2C3,SHA256=151466276045E3915F34B4EC5A7912D2A1A2A7D32A23FD2F4124694A553F9064,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\el-GR\MpEvMsg.dll.muiMD5=08747F805CC49D4928C0EB4D742A2F90,SHA256=62C3CC63854A46CA7415BAA7AA2E4AB3C508A00461D2C684F1D5588A24F0240F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-subtree.htmlMD5=30BFAB4AAAF27D476A5C4A764F2BBB53,SHA256=2E0B87F1D53E5C9E65E557F1A4F5D57CF8BDA38EA66FCA4FA1DF439474F4D769,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\el-GR\MpAsDesc.dll.muiMD5=83A1CAEF812FA2B50E949212F72540DA,SHA256=29A92DFC89C67BFBF21E827FACF72259395E9A06198F331CEB7C2ED827C83A57,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-submodule.htmlMD5=9771625E923006AA7FE0A959F18E8952,SHA256=6C80C5B6D4D5E8990A7105835B64520887B486178A7BA52DF81E3DABD0164A77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.630{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdNisDrv.sysMD5=6235F2DE87229EA585FFE5DE39F0AA62,SHA256=572D59AFA2B0BF080ABC64604DF60DE696BBA397C98D84CC63A9E2A218BB57BE,IMPHASH=B2232D76DB16949062B092AC66B306E5truetrue 23542300x800000000000000059755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-stripspace.htmlMD5=95AB1F3074A46F359E246BF9B8F82E58,SHA256=52C07ABA9A58021BFA328E1F9D6CCBF9B8E4E1652ED6921105DB7ABBE92F8BBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdFilter.sysMD5=77DD1735A9DF898C6956B14017375975,SHA256=98E4D84E679A2C8054C64F33B260EF1E65EC63BD4634F1518351A45F4B699ADA,IMPHASH=D148E8A715DE2CD7B90529132F014544truetrue 23542300x800000000000000059753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-status.htmlMD5=248C3028EAAFDA2D911E476AFE31DFDC,SHA256=5AF157CA5FBF0B21DE36EE05C02309F89BBB1F57E7E05EDC389A0C3ED460A38C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.614{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdDevFlt.sysMD5=F9FAC685628553E6D565AE4DE7246BBA,SHA256=50762F4493CFAE649B1CA996166BF1FDDF9543EC7BA9B1493A3A51371556E32C,IMPHASH=FFAB6852F7551B536A89E4E6E6DEDE4Atruetrue 23542300x800000000000000059751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-stash.htmlMD5=ABB73DF8C1F7557E0DA8A682CA10F4FA,SHA256=423FD56DA4E8B77B9587D6833567598533A009DB3D6011196C0545E56985ACC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.598{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Drivers\WdBoot.sysMD5=650C6FD2FCBAD1011EDFAAD3CA25B5B2,SHA256=37987A7CD3CDB764B8517B0E5F3D2AC243A16683F8F516D62926A3261FB6EBA5,IMPHASH=4B7A0029980F4F757F052F90FE2D4610truetrue 23542300x800000000000000059749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.583{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\ProtectionManagement.dll.muiMD5=0166E70A2E5D5FC71B0A2B25BB228B5A,SHA256=7F68C4BEAB8E19843CFA8A64DA7807C0D8F411929E870D29169C5F26B7ED64D2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.583{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-stage.htmlMD5=C941BF5A42BB4D88D6F4D0FDED29C8B1,SHA256=BBEB89FF239B0ADD69393BAEA5CCABF78B5403E62FEB051B0876815AA82C4796,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.583{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sparse-checkout.htmlMD5=9C27668C346C4AFB8BBC8F8FB5415CB2,SHA256=767DEF1DF5965631F08E8C25C22529EA1E7BAFE3F7BAEFF0368834DE2DDD6747,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.561{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show.htmlMD5=6DB4534E734096A5EFB23AEE839733DF,SHA256=B6593947FABEEF87B2569F03C6C4FCB70266BA76F793AA92A5D297CB9B59E2AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.561{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1396B5AD8EC840AA05B3A37E383B5939,SHA256=D946A6CFF35289929870744AD6BE6F6D0CB511EF1D55FC56CC19322F9C3D0D22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\mpuxagent.dll.muiMD5=BBE47E5DEE92A8B698CC32F08DFE96A5,SHA256=65BD31A281B902876682E2F0A4C4C351E58B9566D7145A6EEC9B2BAEC7993F4B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show-ref.htmlMD5=7721068004DAEF6B2E46A97FE5B8459D,SHA256=E23BF849E2ABF5EE4995E44405438944167F1D6A53E187C389CCA3C1F3E259F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\MpEvMsg.dll.muiMD5=0B3A5FA626030311614C2547A9EB5AC2,SHA256=1684A36E39A053BF44FD76B018AFF0BCA6906717E063CB77D07B6CAFD60C3E92,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show-index.htmlMD5=47D54EF36E11C16D80DFA1672C5F2A90,SHA256=2817EDD1382712CC94091E90606DDCE659F46B975F6C75F5F97246B84CDBCFDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\de-DE\MpAsDesc.dll.muiMD5=0E426F75FE1508DA5744E3CFD3DE4565,SHA256=7953274C4CD57C3ED51A70737DD79ACB77B5332F7990102DABEC8C88B9E674BA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-show-branch.htmlMD5=228054288B1B75357E8AD975A9EC04CB,SHA256=184B10B429366F09B31A54DE2F95977D1246521D5529C36A1B12A47F7F1F13E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\da-DK\mpuxagent.dll.muiMD5=63AAAB7FAB9E9C8AA639538E42693C73,SHA256=D71CEB4F045E69BDB53724731187A99C4CBBDF833FD2C20D0A56CFC4A1A211BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=224FB1AEDDCF8FD3E60DE161E49605A4,SHA256=6C1ADB9861FCE0D7EBF2800B00472A7C855707710B0B1592BF22B3A026FDAD25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\da-DK\MpEvMsg.dll.muiMD5=40411D7CFD9C01CF8A24D822518C5DC7,SHA256=F06CD298DB59E531C38E8FB1E323CA42EAB237811F37A9A5688CC7E4C9B34F0D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-shortlog.htmlMD5=2CB4679CED43BDDEA82EBFA3061226C5,SHA256=6CA5E5D142372A29ED3A21C5C0CCAF39AE4DD81877C9725928BCCBB2474934C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.530{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\da-DK\MpAsDesc.dll.muiMD5=7002E37D15578AB76351D48E5DC7A041,SHA256=AEB31511AC56F7C92236429D3813A46F00AFD764AAE729F7F970545F32F2D30F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-shell.htmlMD5=9D7AFA36705580C2276299BD64D031D8,SHA256=30D0242D4FCAF03BF2DCB3BEBCFA92951BE3B6596E3587BAC822F98CEB5CDA50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cy-GB\mpuxagent.dll.muiMD5=11039DE43A580BA56A93891D03E1860C,SHA256=E60E2BACFEB8E3F6546523C994E53BB6F642F47922D82C082808B19CE7F058BF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sh-setup.htmlMD5=27397866042C8C29A559993183F07B7E,SHA256=796F72A179C4246C2E2DB1444CDA55C2AC2539C01B24074771143BE048B8115B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cs-CZ\mpuxagent.dll.muiMD5=8428C747303945155EB786D42DF5F80B,SHA256=4633D24A1145C73F1B30E0CE5115C206148D4101F189CCE7F46ABBBE55F85D9E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cs-CZ\MpEvMsg.dll.muiMD5=1B94C3DE95A8E4CF7088A3868AD80C53,SHA256=0E24FAFC2D3E78E6432F8002E28DF96F1C9D9D682231C3FA2A7318F3887F5977,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.514{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sh-i18n.htmlMD5=29FA3E519003F8540A5A30DD8896C839,SHA256=39B696E0F2DAAC6B820F6E2579A018DD7F9B18D0903C093FD03F6843ABA3C5B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.498{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\cs-CZ\MpAsDesc.dll.muiMD5=FA840C2488639346A3B5B685AFA32216,SHA256=C1EC33FF09DFB562BCAE9626FCAC25B2306FCE6B94D1533687538E0BA5656A83,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-sh-i18n--envsubst.htmlMD5=0FB1EDDB1DDC8C3C5EF85F957745DE07,SHA256=A164CDE99D988DCB8581837D97B824205C5574A7B19C599963741F6D24DF20B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-send-pack.htmlMD5=0E471640772747F726EA3810176EA415,SHA256=BAD75D82768A21D642A64863429DA0B97BD80A2566C9BF3C4D82522DE834466E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ca-ES-valencia\mpuxagent.dll.muiMD5=2F7CC3AC02551F51EB6375265D115BE0,SHA256=C2BEE351A04A1327E15E08494A49BCAB5D06E29E27CB1E0E8733B5542D062740,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-send-email.htmlMD5=1F4FEAB28679A75B5D986D5A6FA56C96,SHA256=127EC2CBC88FA91C00A2D0F8FE8DBF1124D13C79689EF0BDACEDC5B61A3F8418,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.483{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ca-ES\mpuxagent.dll.muiMD5=506079C24A07C5EC10C3D83BFC7A3C71,SHA256=BC7325278F6708D9578976932351221DBFF7E9642FFB37614D7AB3BF4E6D40E6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.482{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ca-ES\MpAsDesc.dll.muiMD5=05A82F52193DAC30031F88E1184566A6,SHA256=A6EA3A48442D18288562F9307BD7325725B7890599DCB6C375D7375C40043A50,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rm.htmlMD5=E818537891BD060D07FA9F201EF48C1F,SHA256=4366DC5DE205044CE9CF069CE924330366D060F9BE021A76CA2C1EDA7A09A5B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.477{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bs-Latn-BA\mpuxagent.dll.muiMD5=02D8182839C7F969FD9ABBD1EA9F106B,SHA256=FCD0F0DAD9461A7C75E4203672E09F1CDB50DB012A20F969CE9AE2FFFFC9E35D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-revert.htmlMD5=1C735C927682DAD6E1CACF0F894FBB14,SHA256=94708C77FF16411BEEF6747D13D05149FFCD10F41382A86DDE7C7818BD37897C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bn-IN\mpuxagent.dll.muiMD5=0AAB9273EB8B1544410CEB9AF7FE24E5,SHA256=C86973D39EF05F56F47B3AE96CED1956831BC48AE59FED68457B48A16B48AA57,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rev-parse.htmlMD5=F578565149FAB1B01909B106DC3081C1,SHA256=586388A11BEC46FA7AF11156383B0B31C3E341E7B2150D2801DDE81C3FDC7D9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bg-BG\mpuxagent.dll.muiMD5=4DFD17A5DFE8955E36D316F8DE387EF5,SHA256=884760A6D0F6FD86EF676A48C27347343909E5D96F3B3C563EB6B798288B2B5B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.461{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\bg-BG\MpAsDesc.dll.muiMD5=8B3CF5F422B3702DB51A1BBA61383DB5,SHA256=C744BC8FA99D069AB48DBE2FF77FDB91981ADFCDD49CB0552066C52583BDBDD3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rev-list.htmlMD5=4B18FBCFD968A91C87FE234A07065025,SHA256=A6DB3FED054B5041EDB3ABF64B35A1ABD09E9EFF309F6805AF21FD06F72CBD21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\az-Latn-AZ\mpuxagent.dll.muiMD5=B086D69050D7E5F1BB9F88226C1D6B78,SHA256=134D8BA36231A6573B104E189AC2C802959B93E875FDAB76BC6097D5D50FD01A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\as-IN\mpuxagent.dll.muiMD5=9E43EB454C70483DE65235F9F535DA37,SHA256=259BA6BCDCFF400042CD92E153A4A0AFD72DC2CAB3CDB386B2FDADA27084805A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-restore.htmlMD5=D4D31CF836912743C8A7B2A9FDD48BFA,SHA256=6053DBADA608078B86A26D31F2088092251170747CB2326048EB54F4F7E7EF75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ar-SA\mpuxagent.dll.muiMD5=F218A80AEB9611847C734157608F0F4A,SHA256=EE35A4337E624310B95BA0CBFED50555035D0DFC7765C9450DEEFF2F18744797,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-reset.htmlMD5=2556180B5739AD3989197269EA2ADAD0,SHA256=EA0DA7031040CAFCB034C227F2217072225F41CF87BAA06FDAE53212C08D9AB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ar-SA\MpAsDesc.dll.muiMD5=53E256868F86F9BFFDC7DEAB4E9404AA,SHA256=A01FA79CB461438CD6970E7F0790C5BF6A2EE824FEBD1D58D346E03C37D334F6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\am-ET\mpuxagent.dll.muiMD5=0C2B85019D58FA746AEC3D5A8F74C495,SHA256=5FB99F39600BFCA3F5CD7017FD7A6502F1DEE92D89F3F3802ABC5639CBD405A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rerere.htmlMD5=C5440DF39C8C140BE8492B4CA362CBE8,SHA256=90665F4032906999BA29762D68E4205890BBA874059D9A651E3CF021CCE7CF33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-request-pull.htmlMD5=780A89F8B776225BF42B42AC2E8C7369,SHA256=2D833D9370C8825916163ECE217BAE69A13BDB258F53D5346E4E4A71AECCAD89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\af-ZA\mpuxagent.dll.muiMD5=4D99797DF62E0BDDFA99C3B43811EF93,SHA256=48689B259689596D2CF334561F770A3D5304DBC9848019DFC3DDFE6ED81C1997,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-replace.htmlMD5=6E98CACF7E836097CC0E83576A1113D4,SHA256=A17967FEC5F09BF5815AC46B076C2083D7467942D2EDFEBA871BA03435410982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.430{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ThirdPartyNotices.txtMD5=CE7313760386B6ABDE405F9B9E6EA51D,SHA256=73E26404B3571A9E859B3A1144F54C353172479586E0A23C3A7DDA0C1C0AE919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ProtectionManagement_Uninstall.mofMD5=72D045707D108D55B76CD70AD9A84AD6,SHA256=30A0AD834D7B3F4FB47010B4BB6905576792E83064E9DD858EABF0CCA17FC3DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-repack.htmlMD5=5194B7447FE0A0220FF8C04417BF4DA3,SHA256=49597AD0D4D40B4E305AC0C0A2FAB171577ACC52A053B8070F2A581C064B9F78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ProtectionManagement.mofMD5=D9619BB89523F47C88DC5FC8BEA50BA0,SHA256=3ECDCEF5A04C90CA1EB296F3AE4F1C5BC96C371E84BE927C25FA64D6C74C34AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote.htmlMD5=8310CE9D2D4FB2F390222D806481E59B,SHA256=4EE74D1781DE47F54FD9EED8D47074F58BDD2D61C4D165A89035CA2A1D8CB6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.414{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote-helpers.htmlMD5=084B3CF5CC7C67BE5437DE4546E31F73,SHA256=9424E20F008DE26CD5AE5DA27504B0A96BEE18E5B5EFDE5D8C8B7876B84013DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.399{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\ProtectionManagement.dllMD5=0F9485E242400DC47A9FCA73A3443120,SHA256=8DA908D6AD4F307D6AAF8CFB1A9C27B3F3A285F84B1F3C817F50D7B154DC575F,IMPHASH=170002200EFBB48482AFA5E458D56D3Dtruetrue 23542300x800000000000000059694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.399{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote-fd.htmlMD5=E917171BF81B92CF8EA436135EB6044A,SHA256=69663C7F2715C567076646043B762364A4679853B6D68C32F9524A46C6DB1F42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.399{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-remote-ext.htmlMD5=42F0FA965BE9CABDB5F5CEF45CD825F2,SHA256=5AF09C85D3BBD607C0101D08AAD416C8F0988CE82A3119C795A2C26E43053352,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.383{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\NisSrv.exeMD5=054F919445EDBC999989A1413FD87437,SHA256=A124EBD9240AAA542962CB2A1059B6315E9F2183CBFD08B4E8029EE15B6A009F,IMPHASH=B4267FF023C00AB6FBB4972C1FB30C34truetrue 23542300x800000000000000059691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.383{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-reflog.htmlMD5=54AC653A29E1453422C98DFB85834C41,SHA256=474B93119A7999C30DBABAB702ACE5F3DB42F2A5D014D097BDF9DAB36AF8ADDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-receive-pack.htmlMD5=6CCC8635B6FE6839DEEFA47E1BCC0298,SHA256=D99DDD5A45A6BDEE13C81934E73E9AC615AFE2E7A68FB60C163B0D37EE1D4D0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-rebase.htmlMD5=CED46D800F96B298427E26F1D7BF3B1D,SHA256=7DDC1A43C44E0931FEA3A49F5E1D96F439C17D55C1A937271DEEB85A088C27CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-read-tree.htmlMD5=6213239EA600AE9415255807323ED57D,SHA256=6FF2A94FEB0803E2242B481FA4A68CB06B585E512CCCEAC19E8348E9C919871F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.360{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-range-diff.htmlMD5=1B2AB38D69F9CCFD14C87E66DC298661,SHA256=F1AA25666AF2216E5C2509EC49AA5CE2D0E56EB16C0532754EE10728A07D3FFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-quiltimport.htmlMD5=0054794492358E966A6D6AF2393E3E1E,SHA256=03BBB3DC027B507B233BFB04A8115029D99B0EA6D51F9DC7A2F70A20472AC6C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.344{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-push.htmlMD5=47D7F21BACFD4D89E5632D93F5996D62,SHA256=159D7099F3812EDBBE02A915D88880C3099F42A7A3BC93F590A0E4E57D62AE3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pull.htmlMD5=DDFBE1F4878525E1EA4D832820B3583C,SHA256=7A6C6B3C0C126E352133B84C617D51FAD76339962A05F4575F4D67E5A1DDDC07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-prune.htmlMD5=03A771C503ED370DB7F59BF43631620D,SHA256=1428786C15EC6FDD46D0AA3548C4350DCD1EDD56C845469680F2A77469024AC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.329{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-prune-packed.htmlMD5=A6330D28DFCC5ED321E4337BEF294D3C,SHA256=36EBBE58D632EE219E5EBC29ABC3491CC3C98BDBFC6965E4880B2FC900B5D476,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-patch-id.htmlMD5=E09F5629272510A41D5F5A8273706484,SHA256=1D1271004AF90C2E6A93CCEF25688641605AFBA3BE75170F8120FE0D91251359,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pack-refs.htmlMD5=3667A575CE70E880DA7D75D292A47B6A,SHA256=3AEA09026ABC53A290B429F185F59D17C3F67B3F411B828C3D9A44F0D0A2C34D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pack-redundant.htmlMD5=50941FD5D9807261741DA445B09E3515,SHA256=AE4B245D5F22A104E6122532A70FC02C260590BA1D0D86EBF7D38F6C79AFE059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.297{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-pack-objects.htmlMD5=6F9263BEE995BCE481935AE8509530EF,SHA256=5217E2507CC5E6595DBDA1D9EF0A7E72EDDAF92BB7ED43190601121B542C368A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-p4.htmlMD5=64C93FA3918491E33BE05C4577CD067A,SHA256=861FA1AD886A89DDAAE3B50E5C72FACB5DECDF6993843EC6AF2417C0946EB5D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.282{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-notes.htmlMD5=6F51970A874D6567BCF5CB2EBCD54C51,SHA256=5F49B8EDC83AC1D841F20D0FD1793ED47FB3342E7FEB9988C151149CFCFC01F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-name-rev.htmlMD5=BCA6E60655121494A4DAABA99D094ACA,SHA256=BF62B4626744DFF620BD10A7E731D3A4EF350C077F50E28CAE57F3E5A0D57FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mv.htmlMD5=E2939C347136FEC608198EB81438623D,SHA256=DDB414A699A8D015A6D827C15DD6A88989D8B0FB809A9CF3B447307D34458F65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.260{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-multi-pack-index.htmlMD5=977D39B0F316A7119571EF23032DF498,SHA256=0B5393FE5E005398C5B3184E7AC429BFE685B121D7EDB87299A1A547F45A35E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mktree.htmlMD5=AF04ECF7DFE3B36EF6066ABCCDB0D55F,SHA256=5F49EF774D9E5BCFF0A73E9D81A05623C2682024D0636F85DCEB1C966F1EDAAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mktag.htmlMD5=9E3038A410D48B5A90329C435BE7A964,SHA256=13201632255C7F587A785DD166BC264B39653370C264684CCF4C56951BB7F407,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mergetool.htmlMD5=0A16011C071607BB5C6BF74C417067B9,SHA256=B697277F94E30C4BD88561D5AB438BF8A9578A3A67CBC04A680FA813687C08A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.244{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-mergetool--lib.htmlMD5=21360075D457C480C686CD0E8B15FF8C,SHA256=7136CAD94418D494A42194CF2C547176E1015ECD999A382665F997E5654976D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge.htmlMD5=AC1F33340F9ED283ED19DD55EC22835A,SHA256=4B4DF99C9FB2F686AAA20C225F65FC727997A5FF91F369618AE84A398981CF8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MsMpLics.dllMD5=7B842DAC975E04C90F9B23B7D04B5160,SHA256=61D412008B89D3B931BC9E8AD731F792DD9EF2D2F147916103B8F9392CF8D501,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-tree.htmlMD5=A22DC1A27FC38E7FC0E9BC52731DCC6A,SHA256=083479AF27F96CF93DB843AA02F19EC033A3289730716363892E5A015FBC91F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.229{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MsMpEng.exeMD5=15D205854CA62B75C0BF447F9DD8119D,SHA256=B815A94D49CC0E8DB03456CBBAFB4A052F481531F8768CE704A2A012FD84B7AB,IMPHASH=99C98AC382B2B1D56BA3D07EBC95CDEDtruetrue 23542300x800000000000000059664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-one-file.htmlMD5=41F161993B1B5C9C9DD20FE260B451A5,SHA256=87FD4DB4D05AC281FC188BC004FBBCE9BAC3597A64A19F363DBFBEDC8BD6B2D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpUxAgent.dllMD5=68228D20DFAA033D246B8BED272CF92C,SHA256=C44F961691C4F91AD370985D5EB281F843EB5DCF6F5EC98D9C9A509E789CB7E8,IMPHASH=8CA081F2F7B12D686C8459E89B4303AFtruetrue 23542300x800000000000000059662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-index.htmlMD5=846787C4FD911B0899B212DC921DCE9D,SHA256=15B94BA89B01FA6E9CF6E3A0945B30C5ED6055BB9254AED2C0823E053F24F545,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-file.htmlMD5=D0821E1A6073CC36BEE9D3006DA0CC27,SHA256=881893B4DDE87DB780F70947EDD0C2FEACA6D526FE8836F60EA448202B994E33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-merge-base.htmlMD5=2F09224A6A1617FAF7AAE7B11F4FF953,SHA256=91103318A694F268A0A7B38D7984F6F47DF81BDD4A4EE036474FB3257C941F78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.213{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpUpdate.dllMD5=BA4E1FC83B68F72927F58BBFA064C294,SHA256=23C224794D0342F3C97D6F104B40465A8C314186DD3A9F0CBBC9A9441700AE83,IMPHASH=FF86D41A21C61CABF3B1B37C0EDAAF4Atruetrue 23542300x800000000000000059658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2109.6-0\MpSvc.dllMD5=0618D6AA4B96E666F1C3B79CA1531187,SHA256=89FD82BABFEE76643CA0F3DC4730302575E2BCCB00F744090D9E253A8CD9EE53,IMPHASH=92FDA95C32C79BC85B7FFE35C7460B34truetrue 23542300x800000000000000059657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:33.198{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\git-maintenance.htmlMD5=22E9EE6C8AE9A6605C67DFF285725684,SHA256=45CD29A2DD7E27AE0FB3F2AE8B4DE210EA2E0C516E1566B489446BE8EACBD1A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031805Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:33.768{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=509CA3E23EC96F7F02F1DFC7FDBFAB74,SHA256=CE82419FE6701E66E311A78D3E21EF4D5F331DF4EB844A3FD291C16810D5FB9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000031804Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:31.937{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51386-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000060169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\ncurses\license.TXT2022-01-20 07:58:52.694 23542300x800000000000000060168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\ncurses\license.txtMD5=CC0A55715A7A16A0B4C47ED044C9B934,SHA256=C6D48FC51CD703F8D17788D84398A6E424B9AF40E1D624A44C99572F4E4FAB25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\icons\locolor\32x32\apps\gvim.pngMD5=C6979E4A62E273BCDC3FD0D3F297477C,SHA256=8E581FD329182684BB816113C7CE8989322E012B2A77D2A0E4C1590021860B42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\icons\locolor\16x16\apps\gvim.pngMD5=0101441754B003FB7FBBE90DFE734F52,SHA256=C9F8ECC9936EF3CE54F5B9B2AAC816B9539B753236C53E249CDE0F2791AA4712,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\icons\hicolor\48x48\apps\gvim.pngMD5=15A993017F77435643CD32291E7BD436,SHA256=F1983ADC079EC56957131A19F0BFCF627231FF8ADBE51FB112017FA53199FF73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\up.pngMD5=81854A03247E9BA6981EED0B909B9C42,SHA256=C54B75948F4D26357DD018159078F36F90DEEAF29CE3B9D2BD0EA6655EF1BDA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpRtp.dllMD5=B2BF088D673A41015660F06122544306,SHA256=DD0F7E91CC8070701CFB6E5AA8D396BA4EC10293070A2A39CE734CA933B4A5D1,IMPHASH=284241B97D473A4D0B3D15E1ECA07B6Ctruetrue 23542300x800000000000000060162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\up-insensitive.pngMD5=97C742A19428C428C552A380AD9FDE9F,SHA256=0420F2040EEBF418098A86A3FB2EF5A9659C87D37B81EE85B69316B045A9453A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust.htmlMD5=E72A838BAF517FE97275696A76FE6E96,SHA256=40A0E8EA9B4365D571B40AAAECADF2CB003692595F64AF442E4E91987F0A9F12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-nss.htmlMD5=9928025A1D3FD3296A2DF7E5EDAC36E9,SHA256=45AE78A4D11B08F56D0990C85B7046F9736CE21F22F527849DF642DF37524A99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-module.htmlMD5=B7B46DA8DD9B65EFF245AAF1278EED1E,SHA256=01B2F2DEDF99589FF32523F8DBBFF154D23E7E09FC7AB3F59D09DF2964CC0DE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-glib-networking.htmlMD5=DD139095CE3B09C9A1373FE0FE817A04,SHA256=9509CE3F613DD441B9967290E10CA5A76EF6157BBB10A5C0B6B2B990D572B380,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.900{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\trust-disable.htmlMD5=6DA0A6813E46022514FA495E5B7E95A3,SHA256=E7CD84961A9A19A5BC6D27787F87F58E23914B246F6079B22134409AB7EF8680,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.893{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\tools.htmlMD5=2C032DAA8AAED0E7AE178AE2796A9D2F,SHA256=44A22F99BD5D70C3105F6CBF7672BDA673074D636AF1B4D5F4A59572431DE322,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\sharing.htmlMD5=D7EC1C529283A58ECB3032DEA22ECA74,SHA256=D674442C60CA917C02AC12FE48FEC1FEF70FCB0EEBEA37E9AAD94FEF1EBAA1D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\sharing-managed.htmlMD5=1610D61997285007B8A5A6257BF5C15D,SHA256=0FDCB79693B213C6E69FA2D063D12B789837EDEDD5799E9EBCFE7C2254B25DE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.877{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\right.pngMD5=BD51FEF29CAA82CB560340BE392B37A2,SHA256=0629AD38280184BE1B94602F2015707A28170151058F7171AEDA501FCF0979D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.861{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpOAV.dllMD5=1EFC781902A9A6D9B41A637D6D208BD6,SHA256=69393FFD5B8CDF374EA7A98AD71796B2F51BDB70313F43FFD319E90FB54C0A2B,IMPHASH=03EE692DE6217827EFB332DB1F358A4Ctruetrue 23542300x800000000000000060151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.861{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\right-insensitive.pngMD5=987CF4AD9491F01E8DB264D38098A576,SHA256=794050C64C498420599162F2B3B6928232DD0BE7991D942B1DC0B1670EB8695E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\remoting.htmlMD5=5C0406B878496B40AE6357B3BB45729A,SHA256=BA9BB2A336EFD06EAC377F5565FF116AF148C078CF875826F305F3D4B2A4E952,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpEvMsg.dllMD5=2C4F5638B077C41E8A414EBCDDE3FB8D,SHA256=08548E5F0088B14904F4204F8E47A29A52B39DA7C95487290B278B40C27E5A94,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\reference.htmlMD5=866D1475C18FA06EB9E4CC9BD8363C61,SHA256=9E02759E46B5F899349269BA21DC5668FDDC38F076A4E4AD9219BCEF1A8B967E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpDlpCmd.exeMD5=45F4A3E1B907587D70B423D77828927F,SHA256=46C1A8F13E5AFC84A647E2E00DBB604FAFD1315265AEB2CAB893995CF0722274,IMPHASH=73B146117A6C5C4715CD7F3710845C83truetrue 23542300x800000000000000060146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.846{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\pkcs11-conf.htmlMD5=BE1A634272C84546A285F64DF3FF55D1,SHA256=1AE1DD46D715339F5D0887649A1EC3D464AAFDCB996B90F8DF9BDAB7B7D93A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit.htmlMD5=0178DB9688AF9966157D0FE269AFD492,SHA256=B621F0393582C7E179FCC296B6FC6D0531DC6847BB3C44B8F0C2795B7F131748,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.830{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Utilities.htmlMD5=05A760EFE075026BCBF6CA5875E96DAF,SHA256=7A2ABC0FC8BA6571A52B1D24E1A494E4EBACEB4F5E9228680DA422C839FB9E3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-URIs.htmlMD5=DB1C6B2B72FD29A9CF632B15DD32BBEA,SHA256=B81DBC3871367284B85CE5ABC24341EE944CB65A08BE8AA3B046954AAC23D844,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-PIN-Callbacks.htmlMD5=C69E562A9FDECB7AF957C405D6CDE453,SHA256=F7836D8D332003EE1C51AC9084BCE632D7430B623E70FDAB13934A6805BECE2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Modules.htmlMD5=86EB3CE0DCF4261EFAEB630702FAB239,SHA256=0260BC817EFE2D74EACF59292D08DAA339F12B77A4A417859D7502F61401757C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.799{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpDetoursCopyAccelerator.dllMD5=8EFA4D2FCF62C85B514DDEA02A52E8EE,SHA256=C39A8AE6EF502AD32437E942ACB790CD960F643D619F162B7417D62B1F1FE174,IMPHASH=F50111F80E604507B2C7408826513BE5truetrue 23542300x800000000000000060139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.799{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Future.htmlMD5=010CA784AEF5E589BB3C0FBF923385A2,SHA256=8FB8F7015191C8D00170354B81A8D9C590FE60841B1AF408718EA7D9EB8CE974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.799{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpDetours.dllMD5=881CDD2CD81AF69EF79188AF8F4F79AA,SHA256=BA946465B47B7F1014BE41FD49E37A2423112DBA833519374ACE30837C6A4FB4,IMPHASH=347E3515FA426FC23AFC3969AC2AA015truetrue 23542300x800000000000000060137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.796{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\p11-kit-Deprecated.htmlMD5=0DCF1BFFB308811B5C065DCCF9589AAF,SHA256=32E3901CB45A21C969401729C015E4728E5964F047916B1BBA8465F51E7151D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.794{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCopyAccelerator.exeMD5=12B82361BE827DB8DAC8DEB7566E1A27,SHA256=1F0C41EEF553A8435D3A529B29AC3C0736CDE78F399DDF6434DC81A965821299,IMPHASH=2E64BE4FE96382B4D9FDBC155B3FC191truetrue 23542300x800000000000000060135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\left.pngMD5=0CC08008324009BEBC947C6AF6DD52C1,SHA256=0EB96FE775524C2D4D4F167D79041B17C5CC8AE9112478665132C31A1417FB4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCommu.dllMD5=56CE35BDA5863763F46170EF16AA16F5,SHA256=700E0C403CC24B6856F32B9DCA7C5C06A382229755B59FA30D24DB30B9211880,IMPHASH=62F06A360AD973C1B32B3050BFEE8E5Dtruetrue 23542300x800000000000000060133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\left-insensitive.pngMD5=B992596E1683A40D89D15DC8DCB58C38,SHA256=303355D93CAC53410997DC7A3F9BD60F3CE0D8EBAE7908978C8731FE9BB139FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.776{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\index.htmlMD5=071111B0527374BB0567F0ADBEE8F1DE,SHA256=2B2108A6F13EAFD791C5D6401A31A0F71352942775461DA63FC66A3326AF6E1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.761{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpCmdRun.exeMD5=D06785497C59761CCB542B24465B21C1,SHA256=CF2E3EC88871745526030D5F195AF65464DC27C33588E406CC4ED7154BF7ADEF,IMPHASH=BFE54B9A9FB809E3964F535FD29E3413truetrue 23542300x800000000000000060130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.761{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\home.pngMD5=83CDD16D5FC01D8D7DFAF97DF1120BC8,SHA256=7A8D24B00F5FB6BBB0446249B605EFDD36598E8A0F65AC3FAB2E18438C73B91E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.761{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel.htmlMD5=94903A5C7A72035F9352F51819597AE6,SHA256=43EB89050C915B95BE022DEE64C48B7BA6E782558DB4531316822A70F343E6E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpClient.dllMD5=6162555E30EF285268C2C31D31F749AD,SHA256=30A26281EB7DAF02F4D48FA4E0636A640F5EE58973774D11C723E0EEFF054FD4,IMPHASH=624E1189FDB72BC74D16BA15256EB0FCtruetrue 23542300x800000000000000060127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-testing.htmlMD5=CE1DAA60E11C2E9F27F77B1DE6434117,SHA256=A3893F3BA229D8582D872357761989A9B9ACAE6D453BBBFD920D373223D27934,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-paths.htmlMD5=E57DD9DBFC6CCF290447C131EAC70034,SHA256=7A0A4947DB44402585341F5DFCA4833EB8A8883BB1B6EE37B66392A68D421F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.746{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-debugging.htmlMD5=5486E1FAF1472D683E606E5A81581760,SHA256=57739F2647FB69FB1B4178D12535D2E90621DD299F4BACAE60AB120FAFFC12C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.730{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-commands.htmlMD5=A668DCCC8016D127CC87330E046D7762,SHA256=22EBB8E599A7B1C7CC6DFA04A26DEC8FF3494B8ED1D28D9DEF010C465D377BB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.730{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-building.htmlMD5=4CF41C1275486B3CF728329FC6131AC4,SHA256=F1226382D06CC3027E6EC7DF1675798617816388890CAF5C019A0FB6B620DCEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\devel-building-style.htmlMD5=845B61FFF8349566681DD348454F9172,SHA256=CABB1261316609E6CC133428D2C812F91254318BB2E977579323272AC477355A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\config.htmlMD5=02D39D68D955972A2FD49238FF3B0660,SHA256=EE37CF4564E949B90E2D45A4BC19A72D37658AE9281D6B5CE674701083A6D25A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\config-files.htmlMD5=CAB5111F3E0D305CE5D82A814B6FE716,SHA256=E40B1380128CFA983F6141CE8D44EB78F12132EB75756431AE40BD3059B7AC05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.714{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gtk-doc\html\p11-kit\config-example.htmlMD5=B08EE8724ED755EA88A66B32BB84BEAE,SHA256=48EA4DAD4DA66BED21C0AC3BFE8B5C395173C1065170B6B3DE61A401DA23764E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpAzSubmit.dllMD5=DA6365A95C78411696DD0D48421980CB,SHA256=A05B590C79C85D0B3747ED0D72B053BC850052034A10CA37390A94492064F6EB,IMPHASH=300ED5E63E8A71D34B395F9FB0DBF683truetrue 23542300x800000000000000060117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\sks-keyservers.netCA.pemMD5=3CFC5D2867A6672F4F629220632948F4,SHA256=0666EE848E03A48F3EA7BB008DBE9D63DFDE280AF82FB4412A04BF4E24CAB36B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_TW.TXT2022-01-20 07:58:52.616 23542300x800000000000000060115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_TW.txtMD5=09070448C470B393724830A851A923C8,SHA256=1B745D2293BDFA5154CE1278236AC258F442CAEE7D328317C7E475880C261EDB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_CN.TXT2022-01-20 07:58:52.616 23542300x800000000000000060113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.zh_CN.txtMD5=32711126514E9B5D9263A69FFD99349F,SHA256=7BC19422E1C5031A034042EA6E6B8D5EC81857FF9EE4605E505A40105227F90E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.TXT2022-01-20 07:58:52.616 23542300x800000000000000060111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.698{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.txtMD5=8C6EF448AEFF84AC79A378E154FDD2A7,SHA256=A83CDE33912331F7D68CD1074997E95CE3C57C27185424CDB84D98D460A9E2DC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.tr.TXT2022-01-20 07:58:52.616 23542300x800000000000000060109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.693{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.tr.txtMD5=220682465372281151E7E40B546C546F,SHA256=9C51E8863BEE4699FFF0BCE77FF5AAD420DAEE802B30D92633705F509A933502,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sv.TXT2022-01-20 07:58:52.616 23542300x800000000000000060107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sv.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sk.TXT2022-01-20 07:58:52.616 23542300x800000000000000060105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.sk.txtMD5=FFF59CD28F183572140170CF47690016,SHA256=BB6D9916028DD5A14E6EF45D5724CEAC4906B1ED5275B6D49E9460006435AFBC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ru.TXT2022-01-20 07:58:52.616 23542300x800000000000000060103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ru.txtMD5=0DDC84A27580324F65F9FBDBAB03C724,SHA256=6FBA5EE88300F8599C18BACB0B5BBF6518C16C03B536E8EE12B832FE7BC72686,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ro.TXT2022-01-20 07:58:52.600 23542300x800000000000000060101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.676{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ro.txtMD5=89A6FC0DD0A8FB7B259D5E62EC50D35D,SHA256=9A2898D1358E4FAEF974CEB3C515B214FB63E1E30C9FC75D18B4DEC1E6FB1350,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt_BR.TXT2022-01-20 07:58:52.600 23542300x800000000000000060099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt_BR.txtMD5=38E773675D99EF7A40C459D68022641A,SHA256=2F941A1B6E5B5172FDDC4AC62A112CB3D7981DBCBCC5DE3F706084210E35D265,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt.TXT2022-01-20 07:58:52.600 23542300x800000000000000060097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pt.txtMD5=493B0EC423CFDC2FC8656D448B652DA6,SHA256=CBC2F41B6550D1C933158CAAC917A3FB8B967C0A6CD10AF534AD31C3B0A4F87C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pl.TXT2022-01-20 07:58:52.600 23542300x800000000000000060095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.pl.txtMD5=934C96DC3271EBCC317F2E10258CAFEF,SHA256=1C44B176A46CC16B4FBD200B42C6F9D93C054FEC1EC9BB3750B3E44E0D464EF5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.nb.TXT2022-01-20 07:58:52.600 23542300x800000000000000060093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.660{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.nb.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ja.TXT2022-01-20 07:58:52.600 23542300x800000000000000060091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ja.txtMD5=C9BBAECCDB6CEDF36A4605777B159265,SHA256=563AF5E649FBE9EDDC91461543DCE1A2376C019AFB2A8F78FC7E7D3E6E3B0453,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.it.TXT2022-01-20 07:58:52.600 23542300x800000000000000060089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.it.txtMD5=621E06D2432CAB3609494CBB7E6FB78B,SHA256=D75E4557580C0F681A5507AC7B3C0E64365F8CE6D5B37DC6221964631AC69C8A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.id.TXT2022-01-20 07:58:52.600 23542300x800000000000000060087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.id.txtMD5=10FC1F64CB3DB5F7644F76E7C0116B44,SHA256=D8B7ECD6463697591C771A71AACCDC3DAAC5C90325990FD491B2967396287895,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.hu.TXT2022-01-20 07:58:52.600 23542300x800000000000000060085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.645{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.hu.txtMD5=27846E504B7EE16691D74FA767A94964,SHA256=3EEEA50FDD123A14D07B0DF485CF390FACFC1954B0EA82C8AE0D2C175393DFF9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.gl.TXT2022-01-20 07:58:52.600 23542300x800000000000000060083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.gl.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fr.TXT2022-01-20 07:58:52.600 23542300x800000000000000060081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fr.txtMD5=31483AE33BE515F71E55FFDD02A91053,SHA256=ABAD0BBC97849BF71917CA59F579DB0A7CAEA436F523AB592294B4CE80826C4B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fi.TXT2022-01-20 07:58:52.600 23542300x800000000000000060079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.fi.txtMD5=2F1C09676D19E0665A7796BBCDB43BBF,SHA256=8D89EC6367705A10152BA4F82A0E623851BEEB031D097DD47E731F692BC03574,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.et.TXT2022-01-20 07:58:52.600 23542300x800000000000000060077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.629{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.et.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.es.TXT2022-01-20 07:58:52.600 23542300x800000000000000060075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.es.txtMD5=AA04475C3579B70CD782933202B57A11,SHA256=DB9A70FCE6BED52532B856323F4D4A6A47B7DEF90F83D145E5757C2EBF2C36AD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.eo.TXT2022-01-20 07:58:52.600 23542300x800000000000000060073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.eo.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.el.TXT2022-01-20 07:58:52.584 23542300x800000000000000060071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.el.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.de.TXT2022-01-20 07:58:52.584 23542300x800000000000000060069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.de.txtMD5=2CE363DC4F901492B3378A5890C800B1,SHA256=BF3782730DB603EF4BDDBA546330D7D69B211C22213ADC6D3791E2A8802F35FE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.da.TXT2022-01-20 07:58:52.584 23542300x800000000000000060067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.da.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.cs.TXT2022-01-20 07:58:52.584 23542300x800000000000000060065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.cs.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ca.TXT2022-01-20 07:58:52.584 23542300x800000000000000060063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.ca.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.be.TXT2022-01-20 07:58:52.584 23542300x800000000000000060061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.598{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gnupg\help.be.txtMD5=14A267CDE4AB3BA9BF15D6BAC9EDDFF5,SHA256=05CDF5A33891882A1B96E007C0AC8DC9F99592F3667F79D83904A38E38E8BBE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.594{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\glib-2.0\gdb\gobject_gdb.pyMD5=215586D1CDD84B870B52FC531CD7B9E9,SHA256=461B6D617DC7D006F0A66D81F3A4C0AFC8BF7E917E36386F7C5847FD153507CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\glib-2.0\gdb\glib_gdb.pyMD5=33E70C783DC506475E68067C0BD682AB,SHA256=BD57350A3EC5E42EE707E084F0207F2D1B18AF2BA958668526A209C66654C30B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gdb\auto-load\usr\lib\msys-gobject-2.0-0.dll-gdb.pyMD5=9B26AF3316F1502859A04B3DBD3DB40D,SHA256=96F0363E6B5C121C1794BD92F704761B719EA5C8584AD089CB99388A191B9902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\gdb\auto-load\usr\lib\msys-glib-2.0-0.dll-gdb.pyMD5=385628B75F5126D509B3F2ABBBA4535C,SHA256=03447CE5479C9845F4EE722F3510F63666CC9A82B1CD3133855CAFDDAFB8CEBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.576{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpAsDesc.dllMD5=35E251E64B929CB6F2A6A8AC4F727CB1,SHA256=AE06DD852532BD69047CA5D061F8A07066122CBE1B2878B2B7DB97626EF439A1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Windows-Windows Defender.manMD5=36F8A68EECFB5B89C4C571F6A63E3ECA,SHA256=4D76246642181E38F87B623AF82BF7454050D05775F546506CFACA1608BE9633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\lib\terminfo\78\xterm.jsMD5=2C0C93DD7ADB2D7828E8E5579ADF5F94,SHA256=2251E380D6DDD02F330EBF5A99F2AF11FBDEC5646E379951D3BC83711348205B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-Service.manMD5=1155F6F2B9350FC2F05CCA5E617BBA5A,SHA256=46E57B7D482AE2F8400A74A13929D594F6A77A2B1E8AC871C19B67068C6EF69E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-RTP.manMD5=0EA061B68884A0E5AD4B1F4A93B1FBF6,SHA256=1F78E8C7AE754DA422F11439E732628BE78F8BC85625CF4EBFFCF64C536679FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.560{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-Protection.manMD5=E4AD891E7B62475FCA109C0DF4DEF16E,SHA256=DF9AD93CDB61587A35FCDCE996955A64413439A474D85C86133A9E9C185D1966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-NIS.manMD5=5562965C32F03AE0DF8B9DEF950F8651,SHA256=EA64BE59286B67AE930729FA92B2B08DCE5C2EAEB70FEABE2320C47FB6DDAC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Microsoft-Antimalware-AMFilter.manMD5=B6D65A86FC1999A62DA10EA3C4CAD3E4,SHA256=05B2BFD40FB3A344C3AE178C420A7FEA9595815CB1CC07843078112F5F551EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.545{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\endpointdlp.dllMD5=210BDBA8BFDB791D0363D3AB15B05BFC,SHA256=EE850D3AB4934998179C92E86BC50CEAA3F37ABB3CB1D219DD7CB17505658AC6,IMPHASH=3904CBB8F57851E91232DF29D0B9DFBCtruetrue 23542300x800000000000000060047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\lib\perl5\core_perl\Config_heavy.plMD5=598C08C0549693430AA10D1D2F7C368D,SHA256=EB43C8D5DCB74F3D9CF73270C1A9EA93611E1BFC95EDDB7F32CFA7CE363CDBF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.529{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\lib\perl5\core_perl\Config_git.plMD5=43C2FC0C6C7FCCE361BAEEBCA99732DE,SHA256=09C5E2EE35EE18D9043D95273F1CD37BC82E80567FD1372A1EB134C809C39504,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.529{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ConfigSecurityPolicy.exeMD5=FA0070C6454041E82EB90BF44E3BA83C,SHA256=50B174E26F4FB9048C66DB961A3B8E6B17A2BB8AC47F1D9D8C5CC51FF7B70BD0,IMPHASH=C1B5D6B4F7C8A5BCC84810A010E14536truetrue 23542300x800000000000000060044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\bin\vendor_perl\debinhex.plMD5=6885508A48BA5FFDFF7FB0E0C29B5C54,SHA256=08A3B551DC20711F4198EDF762E63A3E87C914CA01A8DF510AC5F19516F26F96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\bin\vendor_perl\binhex.plMD5=E28DE841F39EA31231381DA3B73389C6,SHA256=AB28991B25E2606EC10D5AEDDCCC9BD5A6266EB10E3DA8EECD130C0D524B5D7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\bin\docx2txt.plMD5=282ED89E2EEAE6DDDF582BA3E26D5887,SHA256=B8BED3CAB34DD3C3CCCC8AF3C61B9826E478D2B8B1B60F63B66F624F9E993BC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\unins000.msgMD5=0306C36F97AAA285BB14D7BF22D1FED2,SHA256=01683E7177B01F62B2FB2743B9923BAE3EEE2DBE6F556626F8F83A0EFFC310F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\ReleaseNotes.htmlMD5=2EC39D0CF7B821D9EBE787B96F3DA38E,SHA256=1EC49A9F6C36832C4E5276EEE402D6A27C6E9C5D6472E0F4BD5A0598754FE56B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.476{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\com.microsoft.defender.be.chrome.jsonMD5=60A2FC65D3CC1D3DE9ECD2C5319738FC,SHA256=6C6F52B13235148AF305BD614779EA885C00B64D0BB7CC764E3C67198CC524A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\ProtectionManagement.dll.muiMD5=E12A3EB93E82060580894D175A0E91B5,SHA256=5597AD5422CAD82DDF756E6170F4735A57CCDD4BDCB9B3270EBE724607C37174,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\mpuxagent.dll.muiMD5=9E5F6109AD90B700ECF586295480080C,SHA256=36CE71597ECFE37095B4C80BAEB45EFC940F152C4C091F4A39EB501D0D482B69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\ssl\certs\ca-bundle.trust.crtMD5=9929D5928DD5ABE2935460B871355976,SHA256=53E2BE799A5716D4BD7F17A4D9C7D217D79902AD151617BAC035E2B9BADBB0AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\MpEvMsg.dll.muiMD5=45873C96117D710A11393B0422E339BD,SHA256=4015D90E8A7FFEE22A8E89563D49D5C5256678AB137DD73BD4DD36D334370329,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-TW\MpAsDesc.dll.muiMD5=FE1ED6771512E05369FA523367BE97E3,SHA256=406EE1499AEB17FB024586074CBFD73BEA89C50BD0E4357C582A08886775C45F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\ProtectionManagement.dll.muiMD5=133B896870781AE779833BA408F78DE6,SHA256=0A6B7DFA292199568076BEDB1D2E045755D8F737CC71466F90376D63EDB89EC9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\ssl\certs\ca-bundle.crtMD5=90305734BC747686902A268B5492C280,SHA256=533425A9055CC8D17A5C05B04454DDB5EC45F0C8E7F05D2F035866154C62B8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\mpuxagent.dll.muiMD5=69E39D7238D994D326AF1B17FFC162F1,SHA256=F72A98A1D28A9112C8B68D4EE986EDDCA7AFD091E10E5C2CE024061D8913CB93,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\MpEvMsg.dll.muiMD5=BA0F9B0545963149BDB096B43A2DB15B,SHA256=66E93D291A10FEE0217F0988005761869F6B29D021E1B55062AA6E9409B50825,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\zh-CN\MpAsDesc.dll.muiMD5=6675553BABAE7D2690615D9C0517BA94,SHA256=5A156ABBBE81E95C350A05338CF5D7632948F117DFD95CEC4EAF52F9E64E3097,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MsMpLics.dllMD5=0B1BE45EE3ACDBC3D5BC36FDCC8C08E0,SHA256=5457D5F05AD3DFED10961F053BBE242F78F13C773A466F7E8C3BED5F36FCCCF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\ssl\cert.pemMD5=90305734BC747686902A268B5492C280,SHA256=533425A9055CC8D17A5C05B04454DDB5EC45F0C8E7F05D2F035866154C62B8A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.445{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpOAV.dllMD5=89340D85A12452006E5A19DB7EF1F7FB,SHA256=1232FC009E397B7AECDE284E42F47804F839C29257DE6CEADF85F8759F0A7270,IMPHASH=B153971B18B753F5A5050CE54B02C2E0truetrue 23542300x800000000000000060025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\pki\ca-trust-source\ca-bundle.trust.crtMD5=A77598081B45D0846D71A026DA9DE645,SHA256=0ABD810125AD95057103F014A7F72A03675C96289A9F9B79487FEACA860A29A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpDetoursCopyAccelerator.dllMD5=DB61CE19954A7CDDA5A5C8771ED74E61,SHA256=61A0B5A24A74E4D5B4D47104BA90FA628FBB579F5B43060F6C6008B8CC3A187F,IMPHASH=74478D3FF071B77E9B32D63F1F5AA17Atruetrue 23542300x800000000000000060023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpDetours.dllMD5=D7F744F1489C742B8FE86D4353A64E4B,SHA256=3E75A0F63364934E7877F071E5AC480AB20EA8977C0804D8FFF73B0205AE6620,IMPHASH=6E757FB64260833FA5C6C4D97D8045D3truetrue 23542300x800000000000000060022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.429{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpCmdRun.exeMD5=FB30259AD00D4D39CD0058A4E82922FA,SHA256=656678C217F130CDD6A95A2D8210DA879EDE43F719232CE9DEDB37A4DC9E0EA2,IMPHASH=D53B9A9284ED1C3789C06C4D975F8A59truetrue 23542300x800000000000000060021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.413{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\pki\ca-trust-legacy\ca-bundle.legacy.disable.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.413{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpClient.dllMD5=497CA375D5F7C7762DEDD2EA71EEBB95,SHA256=69E2E0E8892858A6A109576848DAFBC5F669EA57D3B8E6864A332BDB17DA917C,IMPHASH=0E644468AB17DC09175E735D79CFB0C0truetrue 23542300x800000000000000060019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.413{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\pki\ca-trust-legacy\ca-bundle.legacy.default.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.398{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\git-gui\lib\win32_shortcut.jsMD5=B875788ED48F2CDBBA08FC704926CCB9,SHA256=05D41A2B7CA9D6DB5913CC6BB8DAEDEF3F36831F216C0D5FC36126898439C92C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\MpAsDesc.dllMD5=078239B8C89E303984D9705CE6BD1579,SHA256=89CBC3D0AEF648E9F5061C447B569A8BC8427D68E2EF2685FBBBC20771EB8D0D,IMPHASH=00000000000000000000000000000000truetrue 11241100x800000000000000060016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.381{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\git\builtins.TXT2022-01-20 07:58:45.883 23542300x800000000000000060015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\git\builtins.txtMD5=4C60D2DFA0A2412C19BAE9F98870DF9A,SHA256=5D781106234036F9768BD7EDB365638465960A5D7E9B0A3A5B362B02D510D900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\endpointdlp.dllMD5=DE41663E3C4486037FCA0238C7CF4DC5,SHA256=D3090FEDB2E55B1E231886129A9BCC9DD7DA6197DD1C67BF99A261406F566E42,IMPHASH=D1B6B842CD4F76AA52E0066A9B58133Btruetrue 11241100x800000000000000060013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\xz-file-format.TXT2022-01-20 07:58:45.866 23542300x800000000000000060012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.365{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\xz-file-format.txtMD5=A9D2EC7B913CB26F010C32B0F446A4F2,SHA256=FADA567E0EBD8B910D2C3210D13E74F3FCC8475D64E29E35DB0FC05E3C6820F5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\lzma-file-format.TXT2022-01-20 07:58:45.866 23542300x800000000000000060010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\lzma-file-format.txtMD5=675561BFB478DA8047291081D435984E,SHA256=0E961A7244CCA641AA33619E9C9F0D795F9CC95657245F5D157E5BAD05D3DF66,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\history.TXT2022-01-20 07:58:45.850 23542300x800000000000000060008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.350{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\history.txtMD5=69994BDC0F7ED9B9E17D0AF14424A055,SHA256=9D6A0A72822734A0AFB1816E07F0A7EDAB03339119BED4F393C1C7EEC884EAB6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\faq.TXT2022-01-20 07:58:45.850 23542300x800000000000000060006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\faq.txtMD5=62B2A9255EABB9F402A968E2E7D8509D,SHA256=EFF832647A62F3B582E0255A8D450523074874D16BF3BDCBAE76ACBFE23FBB29,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\examples\00_README.TXT2022-01-20 07:58:45.850 23542300x800000000000000060004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.335{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\xz\examples\00_README.txtMD5=94BAE4D2947BC5736722F20A301412BB,SHA256=F0DDAA731C89D6028F55281229E56B89F32B8C477ABA4F52367488F0F42651BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.319{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\mpfr\FAQ.htmlMD5=BBF2341B37D038BF06C853E1A1899250,SHA256=0497A766A010182361B0680F07430C92F00824B608DD55313F7AA41E4B7282B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.319{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\jemalloc\jemalloc.htmlMD5=3AE6A2F091A4269157ABC63A4D62D826,SHA256=7F13CB0B2A6018F744DACC47D1932EBEFBCD5F52BB8D14853E1565C79CC7AEA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.319{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\X86\en-US\MpAsDesc.dll.muiMD5=E0C0D520397694E20324B818C62B8D9B,SHA256=58A855DD11DF04C39DCFFF294FC6DF90EBAA4AB40DA8A66F205DA550B1D50E93,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\vi-VN\mpuxagent.dll.muiMD5=73C39116253B24BE4ABB60C92AECF75E,SHA256=BF0979093CDBDD33EE605C719CAC698DFBE839AAD9DA0B7117CFABF4A66EA225,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\pkcs11-vision.pngMD5=F62BC3771805BC323CB7713C4F47C67B,SHA256=B75EFAB869B15D8CAC0B8EB2040DDD675A2BCDA6CF1F2D3A1CFC9A4401CF47B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\vi-VN\MpAsDesc.dll.muiMD5=3D36EB51DA4ED341BE6A5F086C967CB9,SHA256=D2EB6140A5969E63E7EB0D889EDB236FCECFCEC0998790F69E7EB6CFDA45C914,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-x509.pngMD5=E2DA3980D229D2DAB310E03019872B95,SHA256=0ED4747B681FC63ED7D78D0A6EDE3C6147F6A42E7026FD2BAB0E1C3773E9C35B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.303{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-modauth.pngMD5=F28A236ECF57E0BA049B0BF1AC7757C3,SHA256=812BA50C7D9E00A9186ECDA8F2EB944A0C79C985EB8C7DA5B90839A462A42DF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-logo.pngMD5=1AD8D260BAAD6F9DD0350D77D0F2DB72,SHA256=92CC3CA28C334605BA1553CD4F4A2613E18D0D29FAEC064AEB793E05BA12DB20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.287{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-layers.pngMD5=5ABC60F7CBB2EF6212D2112ACE59AB3E,SHA256=BF0823FF9204ACA11004451808C8D2F4515913A53F327F439FC5DFCF6D5F0237,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.283{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-internals.pngMD5=CC9F6420ABEB2139378DE646455E8D47,SHA256=BBBD042830003346600D3FCAE05A68049E925D2C27473FC26536D925433022E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.279{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-handshake-state.pngMD5=CC7A49B8F5F09A917AEB1447BFAA2A64,SHA256=69CBEBF1C38B804D8CDE9AD208AE2F131B6410FBBB358C2D2C312B38547C0CE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-handshake-sequence.pngMD5=831EAC9E03764D3FD7151E6AC041BCD3,SHA256=6F963810FC53ECEEBEAB20AD94590D6362A3A62D3C088F9D5C891FA4C3761548,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-crypto-layers.pngMD5=C0AFAEA0F7179488E624C02E63D8A251,SHA256=819E74418CF3270AD1AEC874579E8FECC46523E6BD47B81A2FE71CD9C327E371,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\gnutls\gnutls-client-server-use-case.pngMD5=488BE8F6CBBE732F170D61CD526462FC,SHA256=94C73005B0236290BE33578B10FC6B502A2A3AD25253C6B4E53AC6601A3F2C4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\user-manual.htmlMD5=8EACB03E8FB24901287BFAC1AD5421D7,SHA256=2BC9CA03D76035E55E2FA731C7B5BBBE4B59020FF3234F1D58FFF884CA91E2F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\trivial-merge.htmlMD5=74BB6C755D33802C3BD46F6D2705BD64,SHA256=C2A663AE366EC3A66569B57C9505E8573D76BE02CF181370DD88FA83566BF2F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\signature-format.htmlMD5=794F0C8A217C9F2AD05AD4AAAE70DD77,SHA256=9C5592A26E71B7F9CF0CF7E66F61031C8EABE33DB664B3EB5B5934BD74E44D7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\shallow.htmlMD5=D6F6A38BFAB658664C07F4FEB26B7D3B,SHA256=19402D6A9A4248C9FDA53EEFA0EB9333F224BB6DCB526C0B9008FFF8550B27FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\send-pack-pipeline.htmlMD5=5DBF0A245F9B9257E1642D1C33297DDE,SHA256=D384C7BC33F908423A0C2E9E2EE7E4B211CED3DEB10A4E4D7FA9260231759B53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\reftable.htmlMD5=04FB8177CC6DF8A1C3F08E83D16F3E6E,SHA256=079D8E7844BB43AA734EA6A53CCDE022E530E6CADB80C347361B79189049CAFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\racy-git.htmlMD5=E9DF4D8D2EAEFDEE426F2A433E7EE427,SHA256=A057640EC5CA20E9FFF8BAEFDE4535792306F21148605BF8F135F3217B43131D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ur-PK\mpuxagent.dll.muiMD5=4DE6A10DD51B409670FCDB4B6DB1E630,SHA256=A39764F3391C4DDC93682FBDF2D128D44A365E2776475F42ECBF39E0C50A4338,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\uk-UA\mpuxagent.dll.muiMD5=393B8689A079AA69EA64BF6D67C65DB6,SHA256=FCE923C4C9E7CF1EE8FADF6BA6137E8C7BE709947985D71B91498CA849E9A2E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\protocol-v2.htmlMD5=39AE499220088D28858AFA126CDC57DA,SHA256=9A1E2FD2D16D79A2C823E88B8AF7CFC6F7CDEBD754558141CA7A967FC0905F80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\uk-UA\MpAsDesc.dll.muiMD5=CC0193355AB7579CEDC56C938F1AC223,SHA256=11FDE5D9E41B8EBCBE8B479F66B9284E7FEED665D301150CA4DD651A3343250B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\protocol-common.htmlMD5=EBD3A3EC03BA16290513C6B99023DB42,SHA256=B7AEF53511343FC3C8B17C5BA733B16C1B6FFA55C68C77D7E7A59E5F65F10E02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ug-CN\mpuxagent.dll.muiMD5=7F5EF7CEE50DAC6297A69A62E4E359B3,SHA256=758CAAFD39D25BB0A2091BD72E4A62A10D9E2F54857FD3B84D5BBF79D8125376,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\protocol-capabilities.htmlMD5=B540FAE11F7B7483134CAC56F6E94D9D,SHA256=1C767BCDA2E450FDD048AF7CCBC232CEEA7AD7A8B214572DAE0B29EFC23E2D79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tt-RU\mpuxagent.dll.muiMD5=24EA02B8DE6CAEC0E1509C337CD58503,SHA256=C0E8543181A454D94AB9B469039A8A7642EB70BC73CEF67897FBAAC99E840605,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tr-TR\mpuxagent.dll.muiMD5=F63FF7978B5473AF74E71DD7E7F4BBD8,SHA256=34FC4A6AF0FC97434D8837D6C7BAD01AD9C342956A12731EE49DF43FC7D72F31,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\partial-clone.htmlMD5=3D1F617EDFC9C7AA8665094975008A6C,SHA256=08B018F1486A4364888BC44BB7461FCA2B2AF08946A5893C0F99CD0135377FC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tr-TR\MpEvMsg.dll.muiMD5=633A93825BE47C392C5F8EFE409D0748,SHA256=E3DC013BB48E9A7A78EA141A2838E3E5BAAB25EEFE99A4468293893CCC1D2908,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\tr-TR\MpAsDesc.dll.muiMD5=D1AED3929086266619CDB50610E53662,SHA256=750B2AE66639F81485CEED960FC66B984DEEA8DA03B6CC380137F519B4B5B022,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\parallel-checkout.htmlMD5=F814507CD1A275B89B4759AD18FB491D,SHA256=FF54DF1BDE6DB9085318E3A1EEFA99AA20A8F31CABD713B2E09ED98908BA7FD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.184{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\th-TH\mpuxagent.dll.muiMD5=CBCABA1F45DE44187638EA9647A6446D,SHA256=F3128F6591372BC51FDAB478A4BE31EF34553CA664FAB759CC9EFD64E1837492,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.183{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\pack-protocol.htmlMD5=93848D3C0C9BEB2C4BF17F7FB9441D94,SHA256=01376C826C7409A43DFBA794DA4666F19ABBE929B8A7581DD5F48E2FC7AF60BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.183{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\th-TH\MpAsDesc.dll.muiMD5=084F64935D294026EF172CB2318D5156,SHA256=E4EEAB62D01EABECC30EF7695E1971A5677ED924FDF29DD5F2E187D43055C510,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.179{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\te-IN\mpuxagent.dll.muiMD5=215F6A9744ADF9316522ADB3DD811F83,SHA256=7B2972D079DAD26084BE6A752B442D86CF95DD97281AD1F382AE4D588E120A0F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\pack-heuristics.htmlMD5=6D896336F722F36393D0B0ADE9A6FA84,SHA256=6A2EE1A0DA9FD101ACD1A3F0FA167A2ED813D7963B078BA66ABD981651EE9223,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ta-IN\mpuxagent.dll.muiMD5=FC333CCAB5E74219DD25EFAF320BA8FC,SHA256=40D60F5687E2DB33C41D668F6EBCF0FF094CA89928409ACA33D7AC1A8F4B67AB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sv-SE\mpuxagent.dll.muiMD5=1E1765A4F6598B768C84D45AEE5369AD,SHA256=684BDBFEADDA1391B0A2E598D6319D21B8F2658EF2C3F23EB1D939D6154FD323,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\pack-format.htmlMD5=7E6EF8B1399CE15378951C29E05B3710,SHA256=3425FA9B3A2C448E80EC414AB1AB936ACA1A20D335BF3EFB91D07833A84844FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sv-SE\MpEvMsg.dll.muiMD5=7467C98D9A9C923A01B1093A73789506,SHA256=DAE21BF0EF657322CE6D80480954E65974B349524F5BE46FCB8123FCEA96793F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\multi-pack-index.htmlMD5=E61500530CB6B070017E11268F50E69D,SHA256=969339B5358CC2A8DF8D2CA6690599E25DD94EC3BE9F0CDB97B7CDED9BC2EDCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sv-SE\MpAsDesc.dll.muiMD5=22FA233927C07E3BFB8C6C282CF54B50,SHA256=E8BBC76D3A4C0C3484792F6D7253E079713B50A3153DF91CAAB5A77926627F8C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\long-running-process-protocol.htmlMD5=4D38AE7C52010D4BDDF9B1A1F3D8B9D5,SHA256=ED8566F610F864F3C73AACA4283BF05952F4DFDC6A46FACB06669F3F0F730EDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.162{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Latn-RS\mpuxagent.dll.muiMD5=836575BFE3A096419F9863ABEEA64354,SHA256=3C3965740A7921690AD934450AFC800027204334A4CA93D0B02AB260368E8CCA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Latn-RS\MpAsDesc.dll.muiMD5=2843E6043F64CB9A98ED9EE8B6854CC2,SHA256=5B2AF5458F1601DA07EFFAFC60A09EF4DBB474F1576E1D3605499828F64BDCB1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\index-format.htmlMD5=0DDD7E1F7304980A30DF77FDD9A0640D,SHA256=79FD36C9A8FA09586664ADBD519E950C89563F7514337CC1811FE327833A7482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Cyrl-RS\mpuxagent.dll.muiMD5=E581F4ED51F1486289AE8E4F36B33EB5,SHA256=30076F67CB915294F1F6815B5C723FD7381F4DD146656D31D40F6E521E6DBEB8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sr-Cyrl-BA\mpuxagent.dll.muiMD5=B798EBE07FB2C734B464F4D21D3F3393,SHA256=F276DDD79570981DB5598BA0A8B9E86D934391118F74D18AABA4A66BC7A566BA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\http-protocol.htmlMD5=9DFBD8D4B0D12FDF42499F072220BED8,SHA256=5DAE198377EDCE0EF54E7C7AEDECBF94CF9043EBE584214EF0A6DFD60D4F188A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sq-AL\mpuxagent.dll.muiMD5=B18BFE1AEA30CDB492FEFEDDB2EA105B,SHA256=FC00F0E0D6497F1F7234C2CE42E92C8CF2BF475AF967403C0A62BA4B68DF4172,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sl-SI\mpuxagent.dll.muiMD5=88E0FCBFB7067934FD5E91E8E7684EA8,SHA256=8C3EA953C375E0567235EB6BB45095E94E32A762D0E1702EB7746CEF90D15BC5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\hash-function-transition.htmlMD5=84DEC51910EAF124B4D098C66326696B,SHA256=6C9FDA0599B97098F3CFDC521503045FE335790318843285200B5AEDF3A802E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sl-SI\MpAsDesc.dll.muiMD5=87B11B2EBF429C716388BE4943C9006E,SHA256=0064BD79BF311502606D517DD2C2D3C7335A15BA2A44E8B596FD939F9CF11B38,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sk-SK\mpuxagent.dll.muiMD5=4D348CC38C214243B81B19F2D4BBF929,SHA256=EFDEDE1D72071276418616B4C3A618359411E4455C78A81C12689B0668884179,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\bundle-format.htmlMD5=75DD2E7AD18EA1D71C61E24CAA536BFC,SHA256=738D0BA50E10390E4EAD299781B0D7730CB50BC52CC6D2471C905198592BA5A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\sk-SK\MpAsDesc.dll.muiMD5=190DB3D33B70571BB3B2CB06129E1470,SHA256=604733DB9A871F861B6159E519E502AD8995162E5D23F8186516B19FA49955C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-trace2.htmlMD5=A450246330711BB89327F5389444DFE5,SHA256=B8D8470530B1731B54F10A9A95EC847B8C1710911E629BBB343C3E42E462CAE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\ProtectionManagement.dll.muiMD5=B3D756B33B81381224FCA09419EA21B3,SHA256=3F4F5F094F84E074993892B05810D44A8350D1A03846D74914E0435BB1FE1DE2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\mpuxagent.dll.muiMD5=7C600DA17273AA335E3A8848C0DF19AF,SHA256=FB480E7F5A47BE1BE1EDF89B45AA03C33E681D0536052F661735E57AB561A78D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-simple-ipc.htmlMD5=E99C8903210D181682FAA1289FE34EAA,SHA256=43F2C5689751056408EE9F64B012511ECB63A227188682AF58751CA598F84E4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\MpEvMsg.dll.muiMD5=8D634ECF26EB81E0C0000718452AA099,SHA256=17F19B863CB2D926F151ACA2D354917ECA22999785E2D5A717924DF50E878AC0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ru-RU\MpAsDesc.dll.muiMD5=7670F52F5F8AC59CD100AE817A528C20,SHA256=363201382D6FC4D175EE37931316906DC7F8726CFA4B8B1F41848A9A1AEEAFB4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-parse-options.htmlMD5=8E35A3A8FDF2F3D620681231795CE345,SHA256=0E06E314AA73F7C218398B682C50BF1D3C07275D31CF96C965B454FA67D0899B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ro-RO\mpuxagent.dll.muiMD5=CE59B7F59CD472D593EE595F661675B5,SHA256=F0182D40F48A9575DED545ED497C92C6D854DB7330C66B33269FAF36040310D2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-merge.htmlMD5=3F18726EE1E55CEA663053B0FB362929,SHA256=ADFB8D1E1D4C8B18F11B8030D9C3452AFA0AB6B42D5C1792F1C427E85F93D1AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ro-RO\MpAsDesc.dll.muiMD5=3307650C12B1275E3369A49E8C409D01,SHA256=A5FFB707E70B7A80C67FDA49A6A396C2AABB4A25B184BB101FF0BE119DE199AB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-index.htmlMD5=1C731B6139E0FBE4EA2F2AF9F825F716,SHA256=8C8D59C2A7FDCC579728B413419098E041B1726781C643E6557F4584A263A434,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\quz-PE\mpuxagent.dll.muiMD5=7A86AB57858BF3CB1ABF21F4F4D59A55,SHA256=F995C7F5C57939C90254EBE88FCDA22561FAED8024351A3C1466DDC481E42BC8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-PT\mpuxagent.dll.muiMD5=82B5969A8B8EA9A8B613B12FBDAFFC1D,SHA256=12C42A6FAD9E18CC830A415323021933B34212B285C7D8C466BC1BF863D96CE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\technical\api-error-handling.htmlMD5=1C236DDC8A303981AEB9A77426F896B8,SHA256=F7F52424AF12001A4678A32E97C58EFE1444CF358F93C9B78A86542A215B482E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-PT\MpEvMsg.dll.muiMD5=3149D82F48D136C73CAB3A67EA385476,SHA256=9F350702728B4F65A3A9A6A1DCD7D52C738B2B3F76BB892A2BBC095D04E726AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-PT\MpAsDesc.dll.muiMD5=C47D80BCDD56B5F2B68EBFCF4794B4A2,SHA256=1B902CD70C15B40F7EBAC74159C95DFA8FCA63AF23918316BB24E7375F42EB9B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\SubmittingPatches.htmlMD5=DAFECD39B332EAF58AC82B18AF117E03,SHA256=482C4586DA2BFE9342E3AD9C41D760E91E0735AC834769260766B9947C978BD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\MyFirstObjectWalk.htmlMD5=4735A79313C1629DFF2AE5458886B69A,SHA256=52B8E68E0B5DDD87BADB70402C741AAB07BA5E804B7B26F2F2EEAA7AC2B0B167,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\ProtectionManagement.dll.muiMD5=F7F7AB3246086AE8A0943A6DA22BBCFE,SHA256=F8402905ACFDDA060842B587AA4A881A199FB04FFC90D8E001893CA1CD203B78,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\mpuxagent.dll.muiMD5=67761F71C8ACB320F309196929D12B55,SHA256=AB614132A559A350BC2E946158B5F941526A8AB61F7376A298EC1437033B5EFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\MyFirstContribution.htmlMD5=B72E1FFED408944FBEC17577D8ED2D96,SHA256=092574D0B1076BCB1F546654291463B99C09F258E03B825868F405B77D3309DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\MpEvMsg.dll.muiMD5=4A68B2F9155F4367293B01110924FDC1,SHA256=5778C31EC2B745F80C69B5EF288DE0416ED97BFD0284760C54ADE967D9B4DFB0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.084{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pt-BR\MpAsDesc.dll.muiMD5=B86371E1BAD9569A22C348CF83ED4E4D,SHA256=0462C2871BBF997F2A2EA0C64240E794B5F8718E45E33B1E517E2B2D92EEBF96,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.083{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\index.htmlMD5=317C8AD5238572E74F4987B89348DFFE,SHA256=C911936FAA08B716AC42C19937E071CD1F2139A05E93673E67200883951F4569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.082{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpWDOScan.cdxmlMD5=F7FB537DD257D78A1EAACB963E57B51A,SHA256=46C60DF352930726D83FAA8AA04D4344023D7D3C8F9F96425A19ACBD1831B83A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.079{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpThreatDetection.cdxmlMD5=8F81E3B410468E280E4B7F2867264371,SHA256=1AEFA5772C4201C2913C98CFAE4AA582F4FBF2E02C3F54755FA8ECCBE4215CDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpThreatCatalog.cdxmlMD5=4DD6367E1CF0C262654FB5A3EF788636,SHA256=83A91A1DFD94F926ED78B7FFFE682DC5C739A344E204EFA5802EE8A4F7E0EBA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto-index.htmlMD5=97B1EC4E2E607CF1773D07CF91A6F0B5,SHA256=C43C77A92629229FBD4FC162FDDBC5BD89F7C79D8EDB5B9021A3D630E9EA8D34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpThreat.cdxmlMD5=28F5CAF993FEC45C079CCBB68BE4E0F5,SHA256=E0DF97FA1A1119535C81A9B653AD6F2AD487413D79F6721B09334CC6F96B04C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\using-signed-tag-in-pull-request.htmlMD5=D32DAE8A457E49E2BDE3CFEF9FCDE39B,SHA256=F7D85DE74490C78C0088D2E42D7340CC8DB8C889AA4E18FB76D5F9ECE7701DCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpSignature.cdxmlMD5=73A0570D71E8C56D634C25020797C26C,SHA256=F0A6F27660E465E4019DA4F00086E3F1DCAB9B40F54CDB1D8F71D40C9D53641E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpScan.cdxmlMD5=34DEB0F0AF8D042330CE8638F3E1C543,SHA256=34C9A92C669DDA8DDE92C2727B7C0D094AB1DF43689E505503265BE0CDCE36B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPreference.cdxmlMD5=2451066F85444CD7AE4AC2BAA68BF9CA,SHA256=B7731D830E34684D96F6FB83DDFF3156851B2406B27C5B0CE582F3EE49FEA5DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\using-merge-subtree.htmlMD5=250BBE7FA22C9637B6AA302A6F2D750C,SHA256=E6B4237151BC1B976103AEC3B65989470A7FFA95606B7BE0AE2691E1E860EB7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xmlMD5=FAE1EA35F271BBCF701BADF0B6400263,SHA256=86DCBB78781D0A3EF7D0B4AAF693041629F930DEF24C15C94DC4F8FD44B25392,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.063{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\use-git-daemon.htmlMD5=1DCBE86D1234FA3E097BA809E57BAEF4,SHA256=F36438A490890225568699F1317727A172A7A01986D39AAF7C904E065FA82CD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPerformanceRecording.wprpMD5=990729AD92C1325C42B04BC975ECBD57,SHA256=E796454FEE4CF17EFDC25DB5FEEF00A5D7C1B335E6C4B4FE996E8AD7CAB01BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\update-hook-example.htmlMD5=6966AD8BAE2F1D9F5736B7994FF7E2FD,SHA256=71B9B88EED229092C4EFF0FE22E775D5D1E3EA1A878F8BCEA478DEC7081F8B23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpPerformanceRecording.psm1MD5=7E1836A5F48C6FF55AA42C13105E23E9,SHA256=CD268EF93A7710242A554296C7FC365F37AA6001B8D8F79E05A30E62E13AF7B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\MSFT_MpComputerStatus.cdxmlMD5=2612420C7797837773F56765FE9C07E8,SHA256=4A75A861C9C0E911B3BB8F4A740357F8320E6293BD947BB4369F5F0E3AD25385,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\setup-git-server-over-http.htmlMD5=33902F0930C6F366A61C2049A7226C84,SHA256=D8C030A6F02FC2A6E79A71C683AA82E6D8393158073CB6038D91676DEDC3A081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\Powershell\Defender.psd1MD5=3BBDFC485556E8AD079EF4851F9C02EA,SHA256=B9E5AA91603088DC1C7E4D770E87BD60D15E10D0D28230813652655A5426A950,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pl-PL\mpuxagent.dll.muiMD5=5D54C04D7C27EA6CE6B210080305B52F,SHA256=C0023426DDE673ECFD1773603527B1A7F45A3FF3188AEF7F3BC5F9715559A545,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\separating-topic-branches.htmlMD5=61CB7E83EC969D25576319052C28A519,SHA256=A30A7AA4B40846A9AC44A928E3F3483D31C56511E8C5FABC66EEE81E52341659,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pl-PL\MpEvMsg.dll.muiMD5=E4AB9295868CECBA04559106FE96E5DC,SHA256=A50120EA0B48F36A5C47F221BC4E61D7DC0B9B1D2662C93BC451820B61D214E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pl-PL\MpAsDesc.dll.muiMD5=B96EB382039117DB6E7CD97DA5FD8C6A,SHA256=FF7C4A378D15B2891A4957F737A22A1D158E54A6310924F6BADA53722FA6D45A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\revert-branch-rebase.htmlMD5=9700E1482C95EFADE1E1AA5F3AE4301E,SHA256=04AB319CCA1C327DFE7464BB9D8C0545FB8C660CFD0A1F5A34DC0DE15C28CABD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\revert-a-faulty-merge.htmlMD5=67EFDF79244392FE1ADDA5EF0BA0ECF5,SHA256=BE2AE5CF5585D60AF78583D5EC722DDD6846CD29919C1015F5FD77E2BC0018CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\pa-IN\mpuxagent.dll.muiMD5=0858AF34223613F6FDB7D36EE2187292,SHA256=50AA641A180DD83863FAE276906387F78EA45BC326DA715E3752B4A7AB5FBC2F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\or-IN\mpuxagent.dll.muiMD5=795767F8F307614A9AA1789E5610A2E1,SHA256=056C9B6014778E529945152F7A370501E8F489474AB0A672623C2F2F83865ADD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\recover-corrupted-object-harder.htmlMD5=B35E38DBD7413F204B914D55E301A6C2,SHA256=854B84FA75B97EEEF163CA1AED850B6B3CD8E3833CD2A70836426F3A7D5CADF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nn-NO\mpuxagent.dll.muiMD5=25EBB8CADCF92D82535096AB16754A7D,SHA256=88E016954F720FD707921A51D3976A4AD420B6ED7901F64BB820DA8D85B1E8B2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\recover-corrupted-blob-object.htmlMD5=E899A92AF11515536B84F667F47995AA,SHA256=7F3D03D72F40061F95179A175CC0755308C923179F20BC484D8E660784BAA534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nl-NL\mpuxagent.dll.muiMD5=91ADD73C150D29B35CFDDCF5B3D5EA46,SHA256=C3C0793A293BA5F6D2DA58D078FE895D3457B438D5BB07283279C66550DF995F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nl-NL\MpEvMsg.dll.muiMD5=D9B3D057BC737C0FA82D3FE1C1E17762,SHA256=ED1280AEBC4FF98D86B6A502B60FEF2B9A2710EB863FC87A225B07FA8BB54EFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.016{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\rebuild-from-update-hook.htmlMD5=E3FB559421F81C50C512033D2611CBDF,SHA256=CF4255C9D184FA37BD7561695068BE024D0F7617936726BE0DE721326EE8AD61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nl-NL\MpAsDesc.dll.muiMD5=2761ABF999488090724F029B46F47DD0,SHA256=DD49F445D7C3FF78735BF6D4B4E1D51F65CB7A02DDC4B3BE11BBE3E0DC8276D8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ne-NP\mpuxagent.dll.muiMD5=48DE53D02EEF84D0C23AB38F306C0996,SHA256=19CD78F13EDD1151A66B513A80B7980B375AA6E17F471F2A77560FBA7823A983,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\rebase-from-internal-branch.htmlMD5=9D047484678CFC4CEFA3166DC7614E56,SHA256=B8854FDD676E9097E0C2BCACD050376D7CD0EEDE9F79CE4A3F3480CE638C1FAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000059884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\nb-NO\mpuxagent.dll.muiMD5=39E93001C59A4A46CFB241A9031537F0,SHA256=8FAB28ED79F83FFF1D19D2721F94B6CEFA80C81859AFFB618CFE25670AAC7A1B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000059883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:34.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\mingw64\share\doc\git-doc\howto\new-command.htmlMD5=A7750443C94177B2191536872256D08C,SHA256=F22B9AC345D4FB51AF46DF47DFD9368BA2FC288C709CF7049CE7976366779C45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031807Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:34.784{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=824997D425278432C53BAD81FE3BE3AC,SHA256=EC719517CB549A2953164E9417AFDA6CFC2ED1C38710FB7A467171B7EAA869DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031806Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:34.114{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\respondent-20220120081703-137MD5=48D9DB22D5DA72E1508DB4774F89CD54,SHA256=47231F73915EFCF046725A41CCC183BD3625BDF28EF9197BB172C87CF7B7A72C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.998{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Lm.plMD5=6B9F7879F85CC7C9B1B54695034197CE,SHA256=0CBD340F0C66B044687AD09D2691923C20A1F23DFA47C1E6126F1BD2D6B1A9C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.995{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\ProtectionManagement.dll.muiMD5=43DF5F29586F65873FD7DAC6A3406DB0,SHA256=2483CB01A9CAF7A5DEF63740E640EA1648A2C9426C0D4448BABF9966F4FF5C16,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.994{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Ll.plMD5=903683C03BB2A84E692FE584A86F5757,SHA256=A403880EEF1F6AC8E815D86EA35178B295D1958D2593B37A4F6C6DB58F6789C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\mpuxagent.dll.muiMD5=F5E020993CE8C7E9A39D9B3AE51EF265,SHA256=EF5FC01D0D44B6FBD6650FBCC42E0C5970D78860D56A75B7A64DF12F268A307F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\LC.plMD5=34061712FAD8FC932856256113FE3C2A,SHA256=38F4502010A7D9617DB7B2BA1ACBC72355BF7060DB3F62AC0E1308344D9B6858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\MpEvMsg.dll.muiMD5=49C7FD7EC07208B37F4424510B4E9F48,SHA256=E3EB3FF9F364608A5CFCFE951FEC413677EAE7E762916F00D7557C35ECB3D238,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\L.plMD5=2C1D7573AD68D2A6F91CB55E21461EA2,SHA256=67ECD0A2560D8ABDC7478657C95B5B3F1C697685AE722A6B5E6AF0CEAD153CD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\it-IT\MpAsDesc.dll.muiMD5=2BB4AF4AAF157F9023E6DD7BD9A22037,SHA256=29441EF84FBDC8E45104E145F630487A42E72B1EDBE974C50BE153D25976718A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\is-IS\mpuxagent.dll.muiMD5=CC63D7229B687A0555A6F322B6CDE68F,SHA256=F88DE4EE2D61B50477C889787BDA48816B680DE2107A529178B82D3FB39D5AE3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.978{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Cn.plMD5=9980E1CBDBA08E7FA0DF8D9019D891E5,SHA256=AC3BA5C2648F13B5228B8777661206DC432F6FDC699C4B2AFD9016DFF21D683C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\id-ID\mpuxagent.dll.muiMD5=E02E26AAE92139318A7134A0A79D55FB,SHA256=35A9CD12B369D0097B6759D84F8997DDF2CD1F95E5AAD8D49406E4B520ADCB2C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Cf.plMD5=637EEB5912248910BFA6D278C26593BA,SHA256=D7BBD8145692462B51B467C46AF11AD28966FBFC0E50A84861AEEBBB87D02F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\id-ID\MpAsDesc.dll.muiMD5=85943C2EBB43E9B241F2D884280E84A7,SHA256=8B23C55F41920D3A8FC90E91E36372DD1AB044C81BFAC26324835F2E22AAE511,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\C.plMD5=8325E222700047803BA9AA27ABD6760F,SHA256=F144D2DE7B9E67B38A21F9865F48E731F69F5DFAD7FDEBD0B645779BD990B9E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hu-HU\mpuxagent.dll.muiMD5=1BB3CCDB0E85433A5AAA47FF46A232B1,SHA256=9A2682B2E05A9A42631D0D610F7DFE24088965694DDC363B3F76980D5F37C72F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.962{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\ExtPict\Y.plMD5=8A8B14CCAC1D13409DCDF7D3066D54F2,SHA256=0908AD631AB3F3B47AC09B50C64B240FC058B4A158312B205BAECFE6C05C38E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hu-HU\MpEvMsg.dll.muiMD5=03C904D55257A07D037BF817AF55034A,SHA256=6FB1574D6647A6B8B1DD19CFC377091586677EAA1C60AF55FE130BE823DD8995,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ext\Y.plMD5=A98974A0B9525ABF6DFA78E119453186,SHA256=BFE2DA8161544DD0E719F5E1540E48DAE4EDE66FFC0EC39D729320CE80E83823,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\EPres\Y.plMD5=6AB4EA29627BC9C6E6BCC99E353F9357,SHA256=3F08911A7F2C1A3D6EDFA2E1516159A454C53513EAD2681D989B2E666A196B8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hu-HU\MpAsDesc.dll.muiMD5=54F0DBD0C33802353A01CE3FC78D8839,SHA256=B8C5E09B04156FC7D6B3CB91BCD78E333FD333D6661A8A06FE2C79F967EDE194,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Emoji\Y.plMD5=EAC550EA266F25526644EDCC7182BC0D,SHA256=B9925DEF95B47E96A61321FF521ED82C2D9FD780C71A0E37D06EC96984DBA460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hr-HR\mpuxagent.dll.muiMD5=CA98D8B7503D61A0159675BF773BAFB3,SHA256=99C3BABEA53C2E5CB99A4FFEA8CEBE244D0D9D750A9382C100DBCD87B758A4F5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.947{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\EComp\Y.plMD5=444C131C008CE4C73A70B6F82D3F768C,SHA256=B3D018FC60859CB97FCFD2EF7BEAA64328E524982A7B1290FD738D0D1A8649C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hr-HR\MpAsDesc.dll.muiMD5=FEE0B18D5A27CA7E46150E58D28E3A1D,SHA256=81DB7BFF60679B56D75C15397ABF0E546D5A320BD44C6871008079ABD5C696C9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\EBase\Y.plMD5=8C6200D82E43FAD5B56EB44D4314E368,SHA256=93A851AEF71832760AD7AA83A552F1A8F87710F2FE876BCB301C323F0AE08E4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\hi-IN\mpuxagent.dll.muiMD5=4711697C3001B09FADE00AD1CD52A220,SHA256=BA4ECEEE4C14EF4D7E0B0C31E8DC8B2DAE4C1668EED9318A89A8E9B4E9AF17AA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.931{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\W.plMD5=6BEBDA2E314CF87D28489990DF0FAF37,SHA256=ED5D9C73D37FDF6167B45A4ACF8839FF92C0A72683DD949EE815B1ECE67443A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\Na.plMD5=CEA84242C61B61ABA8051F82251C62BC,SHA256=EAB7C09A3F1E7B93616DD827AD387C18EC236062C836103074E88A8627AFAF8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\he-IL\mpuxagent.dll.muiMD5=9AC12A9E955057CA687BCB20CD0664D4,SHA256=A8F5B0D1C508B9FD92D570989B04E6B1CD7A17E3433BB9F1A424E31BA546B516,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\he-IL\MpAsDesc.dll.muiMD5=B9F6616413FD767904C0F7280FB6478F,SHA256=E2FFD9E7057FAE276B32187106310FE97249AAFE6BD0AA2E7C569C0023DE9910,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.915{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\N.plMD5=C0B7166FFF35E3210766A39B95A0BB3D,SHA256=7F090986F89433525402598BB1F3E13561141B3DA80A899F504390B04596629E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.900{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\gu-IN\mpuxagent.dll.muiMD5=A82039F34DBE3059BAFB353F15B821D9,SHA256=845CC18711421317F21FFD6ED981A55A1DFAB439F6254E61FDAF9238A02B37A3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.899{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\H.plMD5=50421DBA598E0880D8A5D97A1D6624F8,SHA256=CEEC58D04FE90945260816D940A2BF7C31D5559B12A945A07550CE940D5C1B3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.898{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\gl-ES\mpuxagent.dll.muiMD5=96F5728002472BD841A76FAFED8D7ACF,SHA256=65E0787EA9E028645FBE028887FE781E1BD225B58D529786FE24D4E08C56FD48,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.894{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ea\A.plMD5=DD6DC1ED364F99F7D0A59AB2985B6211,SHA256=F29276029468115E88247AB329B6CF00075B30944D3B390DD878B381CA8493B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\gd-GB\mpuxagent.dll.muiMD5=4C4A804E15C9160284C3D773FBB471BF,SHA256=21FB2524F6F01AAFD47A176A0E3D2654EF2EA425A3CC08D0A2CF87ED9517B973,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Vert.plMD5=F26BBBF765E8FD0B658E0BCA9B33FCC0,SHA256=76DA17DDD1CE6B00223AD72B7AB308877D5B52FEDE6A1F4E13C8D77CE24A7AED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Sup.plMD5=66D31D066FF38B35C1F2B4E176987729,SHA256=AF729DDFCC881E81CF81AC43C9ABBE5E314E1458B881DBE1341F1F0A8B58A1D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.878{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ga-IE\mpuxagent.dll.muiMD5=2FADD9CFB5B7F3FE58E9062CD42F99E0,SHA256=52CF2CD46ED43B59C0E7F431F54C1E5843A1AC7D297CF8B9DC0C0E59FEBE6D60,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\ProtectionManagement.dll.muiMD5=B3C206C579FDC4E0F136F666087A1A59,SHA256=115A0E34AE2005A5F0605C93CEE01063C0A43A357D3D350D5B388331E5C286C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Sub.plMD5=ECDB175BE642252CB0300F6D46818990,SHA256=6CC23F11AAEF503BD867CF883292C7E63B55EBA22964ED1DE9C3AC803E32DB2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\mpuxagent.dll.muiMD5=BF23D36F68C22C68FB4533BF2EE4FBDB,SHA256=3C75EDD06BF72FE6358159EE280AC2599B1464B3AB1DB62FB6B890439BD20F83,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.863{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Sqr.plMD5=0A741336B808FBB207E92E033FAD15B5,SHA256=430E51F15A0E9D54C119ACA605CD4D2E0B95E61A3D8D7637D15D73C8B139C84E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\NonCanon.plMD5=E20B4EDEB660A665B2371CBFBF75AC29,SHA256=EB20BE21B49B084B911CCF7D5A6FABC939BC83E6BF1C863C0518B1595002A292,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\MpEvMsg.dll.muiMD5=CBACDD811B404C10F44B33AF6B551314,SHA256=0F18FA664A157462A28628ACFF0E44821D4B2B59A9264FBF65EBCB820CB2A2CF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-FR\MpAsDesc.dll.muiMD5=285926E7F267F44F5A8A4D39FD6F3F9A,SHA256=0FA9712825450FD5554AD735C082386F9F981FAB952E0401E963300D8D8EC77B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Nb.plMD5=8390B67CCB0C7F61AFD3146CD5060C4B,SHA256=D502D0933546452679B5D1CC9015B2D52CB27773C3FDBBAAD65584A7F721111E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.847{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Nar.plMD5=930B15599848D874D4322BC6B3C79BF9,SHA256=A07087DA4C030AABF9583B29ED841583AAB42EA837B5FC319A34143F27AF3257,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-CA\mpuxagent.dll.muiMD5=9112D2D8149ED6D27D8CDB1A59318D96,SHA256=4FBB2359F2E3D046355EF7F67A14358924C5F307344FD01AC5F9F469FDF0DDCC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Med.plMD5=C33A39A8699D6697FEAEE08720648FC0,SHA256=EC70385F358FEF7EC131EC4F558DC901887A011BC73F986C9809880C0190D7E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fr-CA\MpAsDesc.dll.muiMD5=D0F5A473AC62E4D9F4D84C991501D736,SHA256=D8837AA791AFF1175ED7BEA92AFEA813A4068A94498CFE29F6C1F4D81811F35A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Iso.plMD5=CA93AA8E24C09A31E556B5E9DABE6D1D,SHA256=BF2985EC300A88D5E3E4D1EC18F9513AA2952473368CD60C4756FDB9BCA9B7D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fil-PH\mpuxagent.dll.muiMD5=63F04EA51006BDFAC0E72FEC77793AEE,SHA256=C41D10191277F54E2F19A9D0B96BBD8CF46593B0C945F96FB10F5EDB7D2275B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.831{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Init.plMD5=AB2BFD56F88250A843A6C4E0E6CB9C62,SHA256=CABAE02EB09625947823BAFBBA1391BB657F8B9372873D0A2FFC01DB06EC746F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fi-FI\mpuxagent.dll.muiMD5=8091855B10B231F0C616288DC931D144,SHA256=F4301EE452564C53FE442B8B82B2A6A3C43BAA14BC0A65519B5E5CD45BAEEC6C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Font.plMD5=9DDD46FEA00858E293340DA77B3F05F8,SHA256=4E6C4A28F5AD295E4F126EA08116BE973C1161DA8F24251FFF541BFE05AF68B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fi-FI\MpEvMsg.dll.muiMD5=6D873185C391DF16629C6A626599A0AE,SHA256=9CF04577CE63847CC91FFADE32D8E89A75DBEE357BEFCDAA5F35BBDA944D86EC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.816{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Fin.plMD5=709D1F2F908CD7249EB47D2898CE8141,SHA256=3A47449C25A6147A230E9D82B6B6B484DD032DF5248CF52F57D164DC094373A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.800{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fi-FI\MpAsDesc.dll.muiMD5=A9E3A9CE00F86295071DF298335F6C06,SHA256=88BAC39E1E1E0D987893162D8828E717CA3B9CC0CFB7A8314D98EE9F8D837104,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.800{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Enc.plMD5=1DCD8873BDA253499DF137BB7904E8B7,SHA256=A51743154446C19522DB6E8E2AEE732F7B93104496A66174B147A8D089CFB8B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.797{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dt\Com.plMD5=07521B20F8F20A96605377846284C21B,SHA256=C4FCBE70DE91489FABF72A30547A802F80005DAF0C8D3F5321FA21FD70A65F93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\fa-IR\mpuxagent.dll.muiMD5=4DA0DD6B78BC8FFFC216EA883E6DC6C2,SHA256=403C709C2DDCE26D5CB837236A141B42466B271B24757529DFF64D2D8174D4D9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dia\Y.plMD5=120AEF1F90A07BB71D111082BC3DC55B,SHA256=89F235889E2CACC6A007B10059C0195A767A4C3C0C72BC483AD12EF42AF7D69C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\eu-ES\mpuxagent.dll.muiMD5=67AC5B49C88380DB336D06CF1ED3173F,SHA256=9E2A0FECBA2A37EE285CE2768D1209189D9250EED0C936EEE301EFEB5C96F7DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\DI\Y.plMD5=E4DF2CCC66EB3CD7F0E4247A24DA5E65,SHA256=8A74FB86E92CB00D52C7FA765A2D8C96511A207ECC366DAB49A94D9E3D192CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\et-EE\mpuxagent.dll.muiMD5=4A884A0F57FDBE52EAF0D87C581FB234,SHA256=3F0CBA6196FAC14F53B99746013C0D0B825B9BC02A1335284CC6B51559EE0ACE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\et-EE\MpAsDesc.dll.muiMD5=927FF21ED30775A8E85D131217C9D237,SHA256=B15DCC4C08E0852FC4DB69690630088C2B2BFA095BD57FEC08A559C085D32D99,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.778{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dep\Y.plMD5=895C0EF0B372EC2DA06A771AE5016D98,SHA256=A979575B8CD8791AC69DEA3882CF1C797543B5729D37D412A0115EF8BE7D1360,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Dash\Y.plMD5=165071732FA705D371A95AD5541B4254,SHA256=DC7306B3CB53D916D46DE801CD892EF63DFF43D54F681B410A5A27029EFC0875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-MX\mpuxagent.dll.muiMD5=63B754BE7F6DBABD068C15B39CE4C113,SHA256=EAE30810FAF0488B162E1E755048CF93002A9865E213AC97402FB7A3B9ED8394,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-MX\MpAsDesc.dll.muiMD5=5C35173FA74A3D672A56CC543A32FA5A,SHA256=3D6F9B57DD78182D5C68C2030394E2A2FEB3DF71FC9F789F6A7A24C58A6BFC66,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWU\Y.plMD5=FB015A4FFEEAF177387258F95CC89A9F,SHA256=29D9D4D37DFC01D77C4DB075B6C2E0F223CECCF71B1E53F65817375283FC88A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWT\Y.plMD5=BD829C7A4DD0D6C6EE17F3A6ACB83E0A,SHA256=679E9D16E1DECB30E2DEE42CDF3235615942781361BAD2AE49BE0DD576AC1B2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.762{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\ProtectionManagement.dll.muiMD5=8A9DDB06A8571FAA347655E6C42DCC3B,SHA256=028CA6F190BAB7952E0DDFC77496A61123B752AB35702AF68C0A9A75A3C0CE81,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\mpuxagent.dll.muiMD5=042B5EDB16226FF87B31C1EEE0919947,SHA256=9F728A89F7E3929C7A787496E84D3FE6006DD284CB8A0DCAC8BC07349E889625,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWL\Y.plMD5=5F6E7F0D30600F1F644E451FB7FBECAD,SHA256=B485659B0249C4A83A7456E13C51E05106C88A90268CB97D0C1AE5EB68958D38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\MpEvMsg.dll.muiMD5=1405D597CF11D85A22F85976119B6FE1,SHA256=84D02E2B3094B0D28107DA7A4E9AAF4248AF6727B8C15875CDA6A3874A8A9E69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.747{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWKCF\Y.plMD5=D8FA05CA2AD9577AE5A31C48DE78C5BF,SHA256=0DE7C41B0B9E3F14E2C81FC640A8DB5FF1AA151C4E2FAF29B68C0440FB8F36DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\es-ES\MpAsDesc.dll.muiMD5=6A1D6708A2926479AB25C58A2F1E78D5,SHA256=E72CDCA57721651D1C787ED2B67D7059D9123DC7A71A27241F6A57285EA0B135,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWCM\Y.plMD5=BBD1DB372868DB91B3A46619ACBB599A,SHA256=35450A8E8ACCAFFFCB42428C0762D87147651FD88B7EC73FDE34379C06B42D71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\ProtectionManagement.dll.muiMD5=F50AF044431879E0D89FA35750944411,SHA256=C22A3F2938DEAF607461C1863306CA6265F26C6DAD758D4B9C06A114711D713E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CWCF\Y.plMD5=10EE0D807541F2074D6B8A59A07F142F,SHA256=FFCA172A10CD4EB178C8D3D6C63FA17756353A33E92A28CED8C13AA0466551C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.731{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\mpuxagent.dll.muiMD5=AE09146725377A5CFC93F2AFB266D988,SHA256=9EF5437EED8EC59D55DC2CD5B3FCCEEB34587213202C8D4C89537569D132A320,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CompEx\Y.plMD5=A4795CA642E1D9DB3076204AFB75107E,SHA256=2DCF530F628200777992161E64BD49D5744BC41E2A97152DA7B256BFBB881886,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\MpEvMsg.dll.muiMD5=DF0918B0EDBC7B3ECC4D16E57ECAF80F,SHA256=6C5B089AC989E1341C520CD158F27CE203EB2C0147BF58628ADF3E5B0B7C1CFD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CI\Y.plMD5=3536C069CB03334C828FF0F6DB424754,SHA256=C3FFBD8530F1BD8D6CC9BD5D51404866B770C1326D9C63250C27489105FFCEFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-US\MpAsDesc.dll.muiMD5=187C46CB061A1195628F6B3E4CC5CB94,SHA256=6040A5971CF7C9538AB347FA9CDA4067A11D7B159557341BB6E81B4CFC3115BC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.716{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\CE\Y.plMD5=64F5BC5BC2B1551C19ABCCD996ADB480,SHA256=279310A9284786488C4838DB5D902790123A99595634E370A195D13D959DCD5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-GB\mpuxagent.dll.muiMD5=693CE8ED1E84826C547DAAC802C98A2A,SHA256=CBD7D1BFAA7D5FDDBF51113432BB9320184CEA5E93FBEBC061A247CEFAD9FED0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\VR.plMD5=98275115221E7BFFEB626F5ED4FE60F6,SHA256=C2F31C9F60CDF1745CE0755ED26E7E4C1AD79C6345800A5E072C2B8158B760C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\en-GB\MpAsDesc.dll.muiMD5=8A798EBBBC7737507AD7D51ED468A5AD,SHA256=96A8EEA3E7EBA64442A6D0B70B483DE164A5C248F6A598AC925435A6FAB54BA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\OV.plMD5=83AD83885BBFD9020AEE73BBC04FCF0E,SHA256=2FF24FCB60488CF11BD5D5E49CAFA6631065041244E1134E8A14115C9F950E1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\el-GR\mpuxagent.dll.muiMD5=EF22A37059CD990CA97F246C417472FA,SHA256=6D82FBB32A867DECCB922A2F376110003CFE24C3BF5621BE58A24316F8C8AF80,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\NR.plMD5=E772451C45C545CCB31DAB88CD1741E2,SHA256=D0C37809A5A42EE1BD9A6DBA34C6F691DF584E6055ABEE0190AA500073A7BB68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.700{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\el-GR\MpEvMsg.dll.muiMD5=FF87B719FC9B61CD168D95692D417CAD,SHA256=BB8A4C321D817BCCFBC0D30FA1B947430A39A8182559DC8199E691774519B76B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.699{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\NK.plMD5=121B09413A2C254F8981905F835339D5,SHA256=F18521F228E47064FBA4C4008224659428542C4A6ABD60715F39A46B79599F4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.698{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\el-GR\MpAsDesc.dll.muiMD5=79E17EAD71A9B8D43F653576F201A0D8,SHA256=E2F6C603C69BA2A2DF791BE1B38BDC3C7CB09DF829FB1375DAFD96C5AE65207C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.696{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\DB.plMD5=A3CFDE0A982048D203D7C2164F40D7E1,SHA256=7A7C51589B861AA5FFEAE839A94DCEC2DD523F53D1FAD8A053EA962762093E12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdNisDrv.sysMD5=1526B96991A61A91A8EF39D2346A4C4E,SHA256=63985A5BD74906F7AADF22BC60C9694AE2B77582DA0A8DCF9A35AB6018B19849,IMPHASH=B2232D76DB16949062B092AC66B306E5truetrue 23542300x800000000000000060264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\BR.plMD5=19950F06ED4FD3991CDFE137A1A3676C,SHA256=9619DE824BE669D9D4C4D8BFF7736A73CA152640FA046E0D93E933A4D0EC3880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdFilter.sysMD5=8D341CCADF5FA9C342D03AB71C163444,SHA256=88061DE952D44FDC17625E0B779FFE9E144C3933D21D2B9C54322CB871BE5F9A,IMPHASH=D148E8A715DE2CD7B90529132F014544truetrue 23542300x800000000000000060262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.679{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\B.plMD5=73D12DF6B4C4AC5BC3922FAE438BE60F,SHA256=F1110DEA90CA71CDEBFB5B5FBAF8669750782DF1233D986F9AA888611443C95E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\ATAR.plMD5=07514C263AA9272F137EB20E14253D66,SHA256=F48CBA0D6A07C6CB5A0BF75FFEC8E9137FDA2E9BB216C26663C2996EFE3E94DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdDevFlt.sysMD5=EA7BD4E901D5B77990B131E1B0FFCBBA,SHA256=87AD5AFF6B14B603708217E2ACCAAC50A8D12251AEC0A7883FD5B97292889ADC,IMPHASH=FFAB6852F7551B536A89E4E6E6DEDE4Atruetrue 23542300x800000000000000060259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\AR.plMD5=39F021ACD5FCF53A88553E8CADD4A5EF,SHA256=8DAF4203EF4D4ADC681C508BB3B0B7CE11DFDFFFAAB6011BD7642815F022CF50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\AL.plMD5=3D3ABF39140D18971EF14CACE680CFD3,SHA256=DFB1FA38FB736022EC0A9FF8DF7D9A806B9EB951A42E499061A52B8795671A74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Drivers\WdBoot.sysMD5=F275B59876FF941EA4C2AB1AAE5DCD9A,SHA256=A3087A5FC5A617DC951001B5C210BC275D97806629A8DB635A6A4E33DF99AA3F,IMPHASH=4B7A0029980F4F757F052F90FE2D4610truetrue 23542300x800000000000000060256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ccc\A.plMD5=62731D694EF314A3284108A564B1B2E2,SHA256=F09592AC4EAC4563C96BC608359D40A63363ACD818AFB03BD9169D299EB88766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\ProtectionManagement.dll.muiMD5=E735FDC4511AC3B5A9CACFC371076AEF,SHA256=C7DF47BB80C160ADED39A0148DAB6A9CFDA612D3503ADEF65EDEC0EE6180A25C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.649{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Cased\Y.plMD5=A7326A6D42AE8CEDDE4CA742E02AACDF,SHA256=1279219F33CBD46A8FF1388FA6E50C4EC04DF994CF4A6C216CC80F7AC6D1ECE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\mpuxagent.dll.muiMD5=1997595B05B49D3B2C65CAD659F5AE8E,SHA256=FB6A66079DCB5163A4E59DB6ADF788C31107222BA7565026117C4C8269A1EC56,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bpt\O.plMD5=E1D51FEAC3059A3CA87AEDE25C3BEAA2,SHA256=C8AF291BA31EF5B5328687730CCF2B0C7E7BDDAA511B6D8714A3AE51133B26B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\MpEvMsg.dll.muiMD5=4F4B6FA818D9296DFD2C50E9FC8E3148,SHA256=5ECD0436B6A03F3492E8F49E77EDBB9980930026F901FA7B9320A977611F0519,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bpt\N.plMD5=290ABC6DEF8D32EFEEEB042FC86759EA,SHA256=AB0CF976434D6244D6A7ECA532AD4B2414AAB9D7B4FED8CC28F3A832800956E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\de-DE\MpAsDesc.dll.muiMD5=332EFC7E9655C17CE7B72BA2FAD9B8A8,SHA256=B9E56473D315682FDCA6A1C40D4B6074863D2B4D994CBC57540FE77E4BE0B7E8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.631{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bpt\C.plMD5=BD74D7D0AC519B9896109D8BD9C0EB81,SHA256=4BFD6BDD4BD742864EB834305136ADFD51413080D5E5A4FB927C0139BA7EB7A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\da-DK\mpuxagent.dll.muiMD5=7E79B3585A5EAAC5ABD4225BABD5CD15,SHA256=F0B45691C00E5B9533BB3386453B1DDAEA68060E5F03E391D8B98F74FCD09B3E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Blk\NB.plMD5=20BB29F3BEA16B7F1DCA02AD4D2D4517,SHA256=2EB6E1105F63ED524BCBB0246AC4DF92278A840372A32DC422EC3544C55C4798,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\da-DK\MpEvMsg.dll.muiMD5=251AC3CD9D8AB20DDF64636DB63F3DD0,SHA256=80078A983E83A160602EE29B9F9176003810DD018680E9DAD0B02456879E4D92,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\BidiM\Y.plMD5=BDD5F3D9CBF2C232AB5DAA71559DC1BB,SHA256=29466E686D415BDF089585D3ECCE06FD9BEAB52364A7A98066AB9EC349E6F959,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\da-DK\MpAsDesc.dll.muiMD5=6BAA1DE1B3CC2FCC7695F8FEC043BA37,SHA256=033A1FB10B2CE94260F72408E22A68BD88DDE3459A15826C9597E7981D801467,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\BidiC\Y.plMD5=8B6703204D8C7B771C6886E1876676D5,SHA256=1D74A07D8E41979DD2DA5C1310BD15FD92D3F2F7106DAE6EC045EEE0941C07C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cy-GB\mpuxagent.dll.muiMD5=D476A8CE57FE38BA7F1E12DD496C23D2,SHA256=C5EEE24874C3F4F98DD9B08AC6D0EAB0D7622B00E546FFDA993A86173897BA7F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\WS.plMD5=1B375227182BF0697B624231C00D9C21,SHA256=7B0505B87BC150CB8116D5341B89EC7E12A9F1F28360DD2AF608C1532DF3518C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cs-CZ\mpuxagent.dll.muiMD5=AA080DB759BD98AF8A33E851EE5078C7,SHA256=3217722393E01E8616CC6CD1D63B32931342F0CF28754C1AB3A1F8FD60966E25,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cs-CZ\MpEvMsg.dll.muiMD5=A0A5FE002EC73797DA31CF029C342E0D,SHA256=7D59200CE5541BE46C0ADFD9E94397151543161E507A5DBA5A751690F5BFC010,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\R.plMD5=D4E61D82E5F8310973ACA5584CC94554,SHA256=4AB9E58081214CDC281666E18D8EB8F07CA9A338723549FBE488DB3CA20DAFEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\ON.plMD5=70CEEFCCEFF8A9C9387DC635FD428631,SHA256=946538587F876EB156F40650279634FF089F363807DE8AEFB55D23318F26BFAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\cs-CZ\MpAsDesc.dll.muiMD5=7CA2154A8C6E6FAA29554C0F8F9FFF84,SHA256=4EC3E83EB3A3D943F29918EC29B0CE6B9AC4A99021BF8D320148D4CF1ABC8009,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.600{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\NSM.plMD5=893C299387FB1D203477DBAC27CC7064,SHA256=20DA2BB9F3D42F55A23DBC9CD3E9994840771C24484845CD23A57E8CB72EF4E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.599{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\L.plMD5=B80604E2658C3EBF15D7E76D3CC1B802,SHA256=301C2BB95319CB9E9E12D721DEF1D8187AD3652C5029F272CF808F2BDF587DC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.596{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ca-ES-valencia\mpuxagent.dll.muiMD5=700994B603A3AD4C63A73628363BA34E,SHA256=5137437407BA412E9D6CA0EDD1E42A519EB9A4749AFA86959592C2971BD5C5BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\ET.plMD5=5CF4751738A5CEF1FF0804AA5C6D3E67,SHA256=B28260039861FFAED5485EC22FC45D67240B08B954E17A6C3E0E4AC4E670797A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ca-ES\mpuxagent.dll.muiMD5=A2EDC36B256116D244EDEBCB9618A038,SHA256=C59F2084B4A938D2D5EB796C9A64EE998426A7EAE61364B6CC20733491CFEC28,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ca-ES\MpAsDesc.dll.muiMD5=434861E8B64AF92FE8DE8E9F90EBE587,SHA256=CA47D07911750AE7AB92B89829E22BC379EFBA2E86E8E59B274DADE31298CF28,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\ES.plMD5=6F6CAF218923ADCE72BDC23B00AEF1BD,SHA256=E193D9856AF559FC41CFF5020858F6C05E5D58B9F06E82423D170B581AD6BAC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bs-Latn-BA\mpuxagent.dll.muiMD5=ACB24B7EF7EC07681320B72D17086145,SHA256=E094025F7C0549C550846D878CC9EA493FEC2958F9F297734E295F724E8104FA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.578{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\EN.plMD5=AB95EA4BF3CCC35B4880F2655446A57B,SHA256=D730D95E7ECA378F0874C4B1CC088E547738B46F4795EF035879F5E835D40D2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bn-IN\mpuxagent.dll.muiMD5=9FA720C93633B9E7909D82A4EA786677,SHA256=E44A23E6D0F4A8621BFD34F11DFC39AB433A57FEE3D3E1272574AADCF54D248F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\CS.plMD5=35A73702473A5CBA6FC5AECEBB611D71,SHA256=76EFA82BDCF1D25B13AC7482DACFF3DCED44E25143BFFB34141FA4D8D9B760F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bg-BG\mpuxagent.dll.muiMD5=0A1571826256FF307B6A7B02F15A570F,SHA256=1342ACDBBE2159B4AB9E15E5246C962D5B2999E00E056A025C2B61816700AD20,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\BN.plMD5=26FFC7FF1501AE604A293C41DD9BF289,SHA256=A6D12805067F9A0016E0AC041D1D6AFAB4FA127D9B77C19BED3AAFB6CDAE96C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\bg-BG\MpAsDesc.dll.muiMD5=94D852744FD8BC979242D35799A73D13,SHA256=2D9C27EB93CA87C869147AE55678EDF9CB5E44AC2DA44D2DB3E5E3A37F848FDA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\B.plMD5=6EF607A20F85F2449E46A42F74B8A55C,SHA256=0FC5B158814D575A5ED69928258DBE0EF31D24DF6DA2887B721FBAD6332D156A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.563{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\AN.plMD5=386C916290FDC62A454B01B7708938B3,SHA256=DE44A088FD4CE4B9E9CE47F53753E6ED413F2B355CAAB4668AA40FEEEA92BE1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\az-Latn-AZ\mpuxagent.dll.muiMD5=D47D16550919A2A09BA7B196E983E5C9,SHA256=A330CF212D5362D529B907C0EED9C32D33096DE3E5D044B5A577C33EB4FF9E07,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Bc\AL.plMD5=FC092F25357311BF93D11AA6F844F365,SHA256=5A75FF4EC0C915636164955A2A7A574C95A72C99E5D897325117E2D1C11811F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\as-IN\mpuxagent.dll.muiMD5=704B97A099D74DE55B62BA93D2028770,SHA256=6F00A9E4787D9E37547185AD2D6B220AF416E79024C0F2A4D195F3A0A8FBFBAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Alpha\Y.plMD5=88021B967D9FD3D13F7BA9B342C38070,SHA256=7DE1FEC0D3DADC0F489AF1080800BAAA76D8C1202F9DDD88B674D96DACB359A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ar-SA\mpuxagent.dll.muiMD5=11AF1EAFCF99F801247E5D15B307B37C,SHA256=A0D448C2117E94B22032CD58BC3740CE13286B4350AC172339AE702A832E5598,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.548{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V90.plMD5=04252245FE1BC002F0B20BC7645AFACB,SHA256=20B796DAC5E60353CF423E69EA86A8DA63409470DC0D2FFC5E255D3D038E3146,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ar-SA\MpAsDesc.dll.muiMD5=E6C0CA84DB6B98EED91C7FCECADA1A03,SHA256=98BCDD1DD54DBB1814B5C687AE917E70DD512395A1729DA0D290026DBA65E04E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V80.plMD5=219946FCB2C46A9D63D01E03854964B0,SHA256=6032EFCFA434AEA00432A5432D14A5D5AE2B94E2EF5E2DCB60AE39955F2E4B15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\am-ET\mpuxagent.dll.muiMD5=1ADBB96DFEF6ABD3E4B50F0920A82E64,SHA256=41743F683B41DBAC3FCB3A1B42261224741498A153A36EAD568D039867F81AC3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V70.plMD5=E44F082E68EC98D579CA8052E1D43DCF,SHA256=4C18D061954AAB2450164F4F5147E9799D48F0DF92E0C396CF2E743D6B3EDDEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\af-ZA\mpuxagent.dll.muiMD5=15DB2943DD1EFAA4734F8F77939A30BD,SHA256=D554657531449828477F4B5033073CA2C318028528B557573F7E931CC5E5FD6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.531{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V61.plMD5=EC1B8D2FBFF6F19086CAB21A9C53F023,SHA256=32D11E8DC8A7BD01FF3A4C8334E23F4D1B41331C37BA1E035383A7B8CFAAE9D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V60.plMD5=E3E2DE925DA87F9EC7BBB057F5E3838F,SHA256=059D94E083BFEC7EFDAA80838F426D42A33D81EE179080C1EAFA72794BB49AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ThirdPartyNotices.txtMD5=CE7313760386B6ABDE405F9B9E6EA51D,SHA256=73E26404B3571A9E859B3A1144F54C353172479586E0A23C3A7DDA0C1C0AE919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V52.plMD5=95727AC8AFD999FC9F6E11DDA3361AF8,SHA256=928EECE818F91AFFE25CC6A7186021743CE7385094271666BD6A88A6CD7E23DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ProtectionManagement_Uninstall.mofMD5=72D045707D108D55B76CD70AD9A84AD6,SHA256=30A0AD834D7B3F4FB47010B4BB6905576792E83064E9DD858EABF0CCA17FC3DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ProtectionManagement.mofMD5=D9619BB89523F47C88DC5FC8BEA50BA0,SHA256=3ECDCEF5A04C90CA1EB296F3AE4F1C5BC96C371E84BE927C25FA64D6C74C34AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.516{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V51.plMD5=F0CFE0869AE649C309A5E518A17FB923,SHA256=2539AA17259F87644C8DDD5F4DF9BF455660D02C5AEFCDA49056479AD098B866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V50.plMD5=E6D865138414BF5BADB7AD796569B2F9,SHA256=FDF099085DE660B92470E7418BE14F3211082F52B3DD08DD758E57563F1BBB79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.500{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\ProtectionManagement.dllMD5=6961741616536665EA08B42A33CC4661,SHA256=5101226F1C66F21801910E1DA1292E197D0EC519D47C1F9BED4A9CCB6AA85B71,IMPHASH=9FC00988A6134F08C0D6DA8432A3B141truetrue 23542300x800000000000000060198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.500{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V41.plMD5=5927F1B41BECDBC0C1FDDB6927FCEE9C,SHA256=0635AC9C654B2ECCDA473A0896EC0A4645BF7BEDC7CC9CBAC50E1E479FA2353F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.498{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V40.plMD5=D6D69300B6B94CA589A863251EDE39DC,SHA256=B5EB915D505A1C77D4DD97647431395F906DAA020DA8B14A0194BEC13DCC130A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V32.plMD5=B1C1A9DB6D0D6F9C795B9686FBD86816,SHA256=B7CAAC71A1886F69D29EDE13B3FCBBE0195517789A22EDA0414924BE763F93E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.478{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\NisSrv.exeMD5=8B681478CB2CDAA890038ACD61D89521,SHA256=8C0181F0DAB62F42F98F8DCF5799594025091519B70C57726FAAF04644BD989B,IMPHASH=1A1A6C24B2E22725BA69163837D402F2truetrue 23542300x800000000000000060194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.478{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V31.plMD5=221679BCB9312033EC1D647053006972,SHA256=CB21128231DBE30F2F07A6CA304802A86D2B5E1BDC156A782FAF9A0B29819D0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V30.plMD5=4991B179382ED4C4ECD2A33FED496316,SHA256=7B9479492D618EA58A5B0BC677442E364742F9AE12774652A56F3A6C5F53E2E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V20.plMD5=5C7970D0785760B6906A66059CC783FE,SHA256=E00880F6FFD64407AA4CF23481069E3A0C9CD3131E6EF6218A247931BED3080D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.463{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V130.plMD5=D058B96ADABB51143C4706D3824FD976,SHA256=E22AA33C51449A1EB7A12646212F76F37A499797752A59B77C8AD7EC96FC80F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V120.plMD5=43B9E5D1126ACC0EFFDBED8725259CCD,SHA256=73E8F7EFB7D089157269BC9A25BADAE403392A5383D09A85F5DEC4A641568F4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V110.plMD5=353A237E83831FD328CA18DB8CC38C28,SHA256=E6B916AE713D77514AE2D012536109080363A277AE6C33F108883E0E44BD19E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V11.plMD5=95D5206FC8DD4A7D3CD3DC379477E220,SHA256=51E67681FD515F0DAF3025D8D30A0E40EC9342AD29279A63478057B4D0E2C3A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\V100.plMD5=B169B9B170B2980432C1CAE278EC038F,SHA256=7E26368289E5AB31E848259125C6FD6F43E15414E9ED147532EFFF106C52D34D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Age\NA.plMD5=0F8845A09D2960A6ADB624765EBDC531,SHA256=7C2C6F240ACD112CD2BFC14FC2269D57170735C7EDA6FCB497588B398109C2AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.431{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Decomposition.plMD5=AD1D12269EF70687A43953D9D188AD73,SHA256=FFDFC35B382DF28FEFB836A0CD97F91BC350659045743680841DD6304D21CB33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\CombiningClass.plMD5=AF7A9293538F5FBBB0CBEAA3BE5A05DB,SHA256=A7713D24AA96BE08975AC470CA650FED1D75F8AD1D784911D04ECE7337DAFE83,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Blocks.TXT2022-01-20 07:58:53.413 23542300x800000000000000060182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.415{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Blocks.txtMD5=39A97FDF5EBC78AD271D432D59FA21DE,SHA256=81A82B6A9FCF1A9C12F588D7A1DECD73A9AFDC4CAC95B0EB7E576E7942D6C19F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.400{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\perl5db.plMD5=196AE683FAE27340F221BB141F86F006,SHA256=BBA6D48332A7CE4DC652DEEA8CF9F49545D9AB43E3BD6F84A1C916B8A2C75B7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\dumpvar.plMD5=903CF4F02C20D88697316CF67DB64D2D,SHA256=296E0E0E5628ECEA52C235471B7F36AADB40C4BC7EAC8B59470976640F1A7C9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpLics.dllMD5=3A0822C50B25F60F6BB3258DC4E7E2F3,SHA256=BA0768BD9992936F57DD752CD273F6817A3B07954DDECEC5AD91F4044FDD82A3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MsMpEng.exeMD5=60388873132DD881FB92F5B4E887FAD2,SHA256=5F7EDBE04ED4A7F616AAE597E7D0AB0D2E9DEA30F70601F80BD45141DA5FEEA7,IMPHASH=99C98AC382B2B1D56BA3D07EBC95CDEDtruetrue 23542300x800000000000000060177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpUxAgent.dllMD5=E144F02A93F5CAE8E460EA5651932FC4,SHA256=707EC580499BC3D12464ABCA3573211033DFB93F3EAF5C1B8798D611DDB63753,IMPHASH=32558E4AF479B2A1D13F5DA57D6FD400truetrue 23542300x800000000000000060176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.378{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\bytes_heavy.plMD5=50D2926265097AD82558258A95FF0DD8,SHA256=C7DEF62CBF7D031C4FE319E414117043F2A273885BFF93BD18E11935D00A6677,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.362{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpUpdate.dllMD5=4BCF3530A3E32835BD10EEB2573A4092,SHA256=7F6780AA7CCCC12D7335F7D0F3DA69D39D17984F816BE7D2AB4A273B8206A76A,IMPHASH=61AE0536E72E995FE5058EEF5884ADA4truetrue 23542300x800000000000000060174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\mintty\lang\messages.potMD5=35B586B0E811FF47A61706E9B02F02DC,SHA256=E0D59463F49472A5460FB4C83F938B99B26463B8569C7AAB20F273723AA10100,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.362{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\vim\license.TXT2022-01-20 07:58:52.741 23542300x800000000000000060172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.347{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2110.6-0\MpSvc.dllMD5=F2C455102802A5ACD50E11461AC60443,SHA256=CE93B78AF09312AFD942B3244A5CF82F1E2ABB229D539D4C5D293EDF0D7F6ADD,IMPHASH=869A767128881B43010343A3C9F41E4Ftruetrue 23542300x800000000000000060171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.347{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB2ECE2D24B088D93B873F42C87EF04E,SHA256=9981947851B32B18EA557845822F39C6427DA45FA3AD35445EAA72CD39F1DE86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.347{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\licenses\vim\license.txtMD5=A8D87EAAEB761BFA9B33CD57564E871F,SHA256=DB793C305D2AEF8A16F0F475727FDD179DEFF051ED823F8B8DCB859F3B52AD12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031809Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:35.784{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=560CD7280832E6CE74996E1B997EFB04,SHA256=B7D1DD340F4AEC66CE27BD2CE52F492A637FEDE8A4E11D472E5C9B364EEE494A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031808Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:35.128{CE7C8936-1A7D-61E9-2200-000000002202}1212NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b4c8a78fb3fad9c4\channels\health\surveyor-20220120081701-138MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\D.plMD5=5EBBDCF24937CB08BDE1F1EB30B6F58D,SHA256=AC97C0E60C89FEE2D05B4BD8CBAD11E4196A914994B8944B3249348B1F3228FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.988{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpClient.dllMD5=D914720FEDF21717A58BA74EC24C65EC,SHA256=D6EAE035E6A51AB6B7327D472120EF1666ED557AEB986441EC600D0B2D334507,IMPHASH=624E1189FDB72BC74D16BA15256EB0FCtruetrue 23542300x800000000000000060614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.975{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\C.plMD5=D50D040AA75E91CA5BE6F0279408604D,SHA256=317349A89D8BE6C0712F7456402912A86B903B146FCBEE55217C80F378BE318E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Yeh.plMD5=3BA1D5A1215D2819AC763E50C74B8F4B,SHA256=851C50101AC25506EECDA99060CC14CA79CE1F8F0439F31758784836F92C6CBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.941{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpAzSubmit.dllMD5=EE9619250DECB7B0DEF47537712DB87F,SHA256=5308801F1B784A27946C3E30BC026E4DF18D8D149220B679271B602FF7118927,IMPHASH=300ED5E63E8A71D34B395F9FB0DBF683truetrue 23542300x800000000000000060611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.941{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Waw.plMD5=03BE90F3DFE5D9B00F1A9C597BB93206,SHA256=DD2FA0F2DD31A0BD05440F4F0D6F71A5E85DDE04372AEB3154DE4444F9390C96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.926{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Seen.plMD5=7A9CDC20C0741B7E9F23AA26CF3C150B,SHA256=E4EE0336472BB827080D20BEFD2F0DE1AB569F083FB73DDEC788DFB9041F4E94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.926{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Sad.plMD5=37F6726AB7C00890CAEABC23923D652E,SHA256=9FE5C8D6A8E7CC1C894E4D8B923819538A48654E4DD09F8D7F25DD47500FD68F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.910{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Reh.plMD5=35AE29408F79558AF464D7B5CE499DBB,SHA256=44981712D5002B7AF097D66F1AFE04AE2051BFD1CCC4CD74762E58B198F881E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Qaf.plMD5=FA37F288CAD5AD076315792EE2E1FA20,SHA256=59E5BDA626934B0F11E6D7757A0E2E47CC85B67CA4513851C4D3850E4532F235,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\NoJoinin.plMD5=AEDB0A503090CCEF80574A94BA3A326A,SHA256=0E7D1B438C3DDA155DA739CCA564E86733E4E9663EE7559BA55C33C16D58DE79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Lam.plMD5=AEC16B439DCFD246F83C8D1029FE5853,SHA256=849E9D237262EC262F5A7972710BA5089FC2BCA150BD10B8B0647A9EFEE56A09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.888{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Kaf.plMD5=5C54C00586B78AD66FA4089EF1D96674,SHA256=10B9D65DEDAA9E5320989D75DA1DD912C30FF49A4D9C91B05CA57693D8BACC74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.872{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\HanifiRo.plMD5=AF1312546113533F62F9E096E1D1FE7C,SHA256=F39EF6310E8DCD58DF4731A3D80BB0D46B71E88C1B3EC72EFCA528CC9F5E3059,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Hah.plMD5=9BD9C6730E98711A383AF1874809CC85,SHA256=9604787608B16A4AB2A9FCB64C600DE0662E1DFF7AB7E0777BDF654065490B97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.858{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpAsDesc.dllMD5=7F998A9A9EEC218772883F0B69AA0E42,SHA256=5FC120E0D3DF0C03F9432F1D6E3CCC786636A39660AE140325EE7D77AE5B81EE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.858{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Gaf.plMD5=B028C81AE638F36354A6C1621C3CD6D8,SHA256=4DC65322106993A8E2118A79206C1F291E9634CDD24EEC4679FE6C33A8393762,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Windows-Windows Defender.manMD5=36F8A68EECFB5B89C4C571F6A63E3ECA,SHA256=4D76246642181E38F87B623AF82BF7454050D05775F546506CFACA1608BE9633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Feh.plMD5=2D61A869FD5D3146D54692B17C4CB34A,SHA256=29F36475B76385A910A3F16A26F9C57E833776AFB4401298E43C133C6531EFCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\FarsiYeh.plMD5=1BD624542709FDF81488E97A65C8B59F,SHA256=A2FA85BD3118C3B8D517D10FD52FD8D34B5C837FBC585FFE4DF2480319D6BEF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.841{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-Service.manMD5=59A726CACE276AC73893F7C998614936,SHA256=A8BE69E37EC346256296C55E571A26AFC0F60F1DF121A156DC5714B608C21B0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-RTP.manMD5=0EA061B68884A0E5AD4B1F4A93B1FBF6,SHA256=1F78E8C7AE754DA422F11439E732628BE78F8BC85625CF4EBFFCF64C536679FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Dal.plMD5=1F776E3A9D39774BDB4C834EBC91E76B,SHA256=26334E08FC37A8A9EE9B55318EEA7684539D581AE2C76D860BCDA7334A3DFB8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-Protection.manMD5=E4AD891E7B62475FCA109C0DF4DEF16E,SHA256=DF9AD93CDB61587A35FCDCE996955A64413439A474D85C86133A9E9C185D1966,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-NIS.manMD5=5562965C32F03AE0DF8B9DEF950F8651,SHA256=EA64BE59286B67AE930729FA92B2B08DCE5C2EAEB70FEABE2320C47FB6DDAC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Beh.plMD5=0D2EFAED8823AB4ADFDB6668F523716E,SHA256=EE23ABB5F3A2F6CEB4E270DD809CDADB90B9997709A4D28750D51BB321F8D663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Microsoft-Antimalware-AMFilter.manMD5=B6D65A86FC1999A62DA10EA3C4CAD3E4,SHA256=05B2BFD40FB3A344C3AE178C420A7FEA9595815CB1CC07843078112F5F551EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Alef.plMD5=5609B705A593FE8EC066726439E0A7E0,SHA256=BFBB4171491F49D340AA92485C89A8006DC86C4C96AEEBB9A160843E6EEED459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jg\Ain.plMD5=17E3DE34B5D78AA26F29D73F3B4825B9,SHA256=8C4E5AA641A8C5EDEB7B23241606D914824587E095972DE51498EFCC1E14FCC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.810{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\endpointdlp.dllMD5=2C43237E1D1377CF68470EED7D961467,SHA256=948563733E7ED68AB573A7C28382919A1AFE1E439EEF07BAC9B30AAA4FE095C7,IMPHASH=97B577A6A90A243C3D426A4000BED6BFtruetrue 23542300x800000000000000060586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.788{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\VowelInd.plMD5=18B01E8A8458DE6C1056477FA25A903E,SHA256=3C5B400D750B32447BE822255DA15F42FCBDB62B428E3C5F84FDF1B94CA6A0D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.773{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ConfigSecurityPolicy.exeMD5=EA0F0D2BEBFD211C27AA39C73F74E916,SHA256=36973D49650A8F1405F4FBD3D7E0D0614F270524235C7DCBBFBE6FF2E83F86F6,IMPHASH=C1B5D6B4F7C8A5BCC84810A010E14536truetrue 23542300x800000000000000060584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.773{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\VowelDep.plMD5=02A8799EFCEAF4425EFF4AC77A6EC32F,SHA256=09161EAA88AD17AE15B1DEFB0718852337525B0C485DE808E6FC26F49BEFA3D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Vowel.plMD5=60AF31949ABCF4DA5F610660AE76DF78,SHA256=7502E4272D800AA07A78605449D75E46C3ADFCB103AE3C8B1BA623EFE5675129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Visarga.plMD5=660252C693E05A459D88728006370013,SHA256=7EEE79BAD30DD91682F930BF92E1AED728905A0F17DD0EC47C32FD40F65E1C5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Virama.plMD5=38EBE1A62FA33121B5AE72E3BE6AA05A,SHA256=0C208B18F8083CDF3385A54FDE6B5CB0A6088FA793EEE8C82A557AC53D5E38E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.741{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\ToneMark.plMD5=D57568671892CB4AC8886A6938FB19C3,SHA256=DBA2F2A04C3BE7B78DA6A2CBC230CEAC1B615C6DB9ABEA98DA33F7EFB40D1DBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Syllable.plMD5=CA2AF4DB425058D5B71857AD6666C7DF,SHA256=800638D3A22391ADE7A2BAFE29C75E4B9A6B157BC3D8F2F9076B975E7748ECC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\com.microsoft.defender.be.chrome.jsonMD5=60A2FC65D3CC1D3DE9ECD2C5319738FC,SHA256=6C6F52B13235148AF305BD614779EA885C00B64D0BB7CC764E3C67198CC524A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\PureKill.plMD5=5B4363CCD13E9CDF290FD58F9EEC3FE9,SHA256=94892EDACC3C7C3D3F57975D7D0C165738D4FE8480AC68E8194D466DB80D9B5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\ProtectionManagement.dll.muiMD5=A6643FC514B4CC543B0FF3004DEC733C,SHA256=B8BD12EA29B3F76578C55D22768935E32E2655D87D9AD5DEDD98469C1914F829,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Other.plMD5=3FC31E61076054F3D8AB347E63B36188,SHA256=AFBE96BF25A55D6B17CAD2782FF4197F6587BED4A38E016AD4A6F580F708071E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.710{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\mpuxagent.dll.muiMD5=75E6F3057C3C1F565FDBB16B7789CF4D,SHA256=6D72B10E5CA074FFF2017F36A9E766A12F9A503BAAD5F8A87CEB36B6DB429233,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Number.plMD5=5BA2AD884BB8E1D833FE5E26044EA19D,SHA256=87606BB492A620FE8F91997580C8398FC40DED55D4789C456F7279188082269E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.707{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\MpEvMsg.dll.muiMD5=3AA52A36DAAE30C57D5257B6BF9D631A,SHA256=3B8F18EF2402B5AC780AEFE62F5671376B952B50E50985586812C832C7D4BB01,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.705{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Nukta.plMD5=FA333AE14D7802844EAB79F1D3A206F1,SHA256=3D1A9243D564E122A81219AA17205DCD53BACC6F931A8029BFCEF7848C9DF96B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.704{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-TW\MpAsDesc.dll.muiMD5=A281DDC951C0E5075C724FA32C8F41A2,SHA256=FAEDA25066388EA48953094938A36F88B6582DD8AAD9532A9398B185A3623A05,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.704{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC1C66205E5D9D6EB7E09358CC145F0A,SHA256=5AC9715E66AC6468FD7C6C7277920FB62C063996A03239E42E76F314B71D8B20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Invisibl.plMD5=D6951D8F9DE4A2C2C46F018C417BB73A,SHA256=D3482BABE9F5DD281049D968306FAFB5FFE181584D3F84C3DB120B0369E2E095,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\ProtectionManagement.dll.muiMD5=37B2C102377EEB1C9B6E1F3E7DE794E2,SHA256=66F9A289E579458A3FA83D6542637600B1DE9F2AFF2EBFC6C2A136A2F0F8A182,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consonan.plMD5=8446084593634C847FC8F4D6DA542EBE,SHA256=02C398E245E98FAC1D3B4A33E9096640753C318D85BC2CE9808E931E44E83E9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.688{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\mpuxagent.dll.muiMD5=4DDABBBA91F6AECE7BA569F25824740F,SHA256=F1D9A9C621AC9F45AAAE63D6626E48978297AE3157AB60209A54A9E1CAB02BCD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona9.plMD5=B1913BBCF347FF90639CABF2D50AAEFF,SHA256=0BA1C4B2981D5CA34623D89B960A6D00C236213304BD92944A1397F97CCE258D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\MpEvMsg.dll.muiMD5=2AEFDEB6F51BE7C54A19071BE6D86CAC,SHA256=AEE4E2CA6D996A1F4FABCF2FAEF12FDB9D4A5674AAF2772142467F18451E0E3D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona8.plMD5=03E30E11DC840FDBB9C2E18F7E500988,SHA256=CE5D15870F08B7D708FBC6802B2ADE025F9908C5C429ED0940D660335D277138,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\zh-CN\MpAsDesc.dll.muiMD5=0006D54713FEF461B95EB505018D054F,SHA256=66D87C7DF196DA1104FA392A87AD0054655AD3B86B6F56E21B47FBF24968D372,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.672{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona7.plMD5=F8DC64006A04BE7ACD750D8636829D05,SHA256=77419E1FD19D01C7A23CE0BC150A6EC7A4B4DB14BC8386E5507E18740D5E4021,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.656{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MsMpLics.dllMD5=F00BF7A69846E54C17081105E81E1934,SHA256=8AF4179A985DCEFE8FCECBB0FE1CD902BB478B5ED60E5A2A884959F7C6EB52E6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.656{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona6.plMD5=A8EB733E6B3B7732822BFB5C1FFDD17A,SHA256=088CF182AFFE2D67C9E5D27059AA13C5F68C92AD2B5EA5DA7E5B48D08909ABDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.656{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpOAV.dllMD5=D0DE21C310CADB79D723886DD8D10686,SHA256=DD4536C2DEB3DBAB2252C2ED4CB55AFD64DAA44DCDA099B84CDFDABA3D3F954C,IMPHASH=B153971B18B753F5A5050CE54B02C2E0truetrue 23542300x800000000000000060556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona5.plMD5=5D7B15CABAD967A26F520E67E845D92D,SHA256=0137C0831FA65C37C89383333A2C58406A593BE417E5D5F4D1C17123B887E501,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpDetoursCopyAccelerator.dllMD5=77F166B7E4CB414FED4E1EBE6AC66408,SHA256=E983447B05F5292A01A006E129D00C9CAFF1C0B11769CFABDC870FE5A7CE05B0,IMPHASH=74478D3FF071B77E9B32D63F1F5AA17Atruetrue 23542300x800000000000000060554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpDetours.dllMD5=010D1B6E9B46C2AB43DF552E541F53BE,SHA256=B19F2ABC0ABF67550204560D40EE1F7BB20DB0D8BBFA934E77DC396CA2A9B68B,IMPHASH=6EAF4C00742F1DF994A4C265382B3E0Ctruetrue 23542300x800000000000000060553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.641{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona4.plMD5=7119664990C91C28796F7786156ECEFA,SHA256=C259534DB89F0FE91DDA04E9F10DA69E66E6CCC9CD06B26C7A854E72556B3C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.625{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpCmdRun.exeMD5=4B139C1413DD5689C8D3BC3A38E52986,SHA256=17160C70EF219DC95499020CCEAB91E666B5004B86EC80BF3D240710480A8424,IMPHASH=D53B9A9284ED1C3789C06C4D975F8A59truetrue 23542300x800000000000000060551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.609{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona3.plMD5=C4CD8F19D31806A2BCE91D6A433DBB73,SHA256=F4D9EA56C4ADF84732CBFB99280CB34365441EE538433EA5C250D054CB7FD539,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.609{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Consona2.plMD5=A2C00CDB94FB8BB3B496F91FDCA7D1D0,SHA256=A44B5324C88F8054AFD3AB06E3F0689FC3055F0F44F58C16DA411AB78D594C6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.603{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpClient.dllMD5=F7D44EFA4C28A88E0DAF1CDB23CD2892,SHA256=BCD8C042D874FB3F2BC991654EE5DBA308343BB64BD3AAB9D9EC65E628888580,IMPHASH=0E644468AB17DC09175E735D79CFB0C0truetrue 23542300x800000000000000060548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.590{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Cantilla.plMD5=72FF736D32D2E3E2859F0D600F01ADB3,SHA256=F89E8958FAD58F8E578783CFD70431298490006B73BAB2CA35289588E80167FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Bindu.plMD5=9BE00DD83ECDABCCA8A0CE03F1837D3C,SHA256=1080A31BF4E4ADA7ED4909EDD3B12FA2EB980C4AA0929387E44D29BD15D15443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.572{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InSC\Avagraha.plMD5=81B3C7E1DCAA265012E40E8A049EA857,SHA256=6FD75D1A4828BCBE7B515B49E0A53518A3B718642793487D6A7D798255BCC097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\VisualOr.plMD5=1D4668D931E0A42A5FA8D5CC27D8EF8A,SHA256=64E337971DD9510254EC7CF88257C16269685CE0C437E35DCB4C9A1A1ACAA8FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\MpAsDesc.dllMD5=A2BB183B5DE2B4C0CE7C7C5AF37D9AB0,SHA256=7ACFB0BA3AFBEDD7EA11AECEB3ED795501BA8E3B59445AF6378753F6BDCD8C90,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndRi.plMD5=66E9D0DB757C56B4CF7688C5B931433A,SHA256=ECB77E8CA69BF4762408DCEF835FC253334B775AA7FCA6116637E36EFA0CD9E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.556{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\endpointdlp.dllMD5=D31B7BBF2A4E1F6727BEF92C51CDAC7B,SHA256=5FC33962B7872651D5AF1E7533EA38CE676F67F7D48ED4F5AB214743F59EAF38,IMPHASH=881E23198BCA1D0E73E1198892F9636Dtruetrue 23542300x800000000000000060541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndLe.plMD5=C4E9D18CC1612524F71484F3B58B1CCA,SHA256=BFE43901154CF2034D74578B22216A237258537D03E3FA5A4FC0BCC24B85148A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndL2.plMD5=BD2C2C128B39463CA95ABCB5AB7D6282,SHA256=24E6EA625ABF3322954A3D55920848C59F28961BC24F4B2EC3F46C6F94754EC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\X86\en-US\MpAsDesc.dll.muiMD5=E358396AA763AD53BBFE691F7583101B,SHA256=6D0183EBF8ED1FB253BDF38765B3330E4A4E873710292E1F4C543589445334D8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.541{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\TopAndBo.plMD5=FA63D5C28E4E9CC41E79F806A87DF0A5,SHA256=1A19CB26998C457F127B0EB390AB5FBEA2B1EE2F4472E7FADF9C2DB7885EB143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.526{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\vi-VN\mpuxagent.dll.muiMD5=93546D11D843DD7246BA3AB3CE0232B5,SHA256=D8B48B820584C6D7A0D31DA479DE9A612E8082BE97599055A18A956DF56F7BA7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Top.plMD5=B74C65D76D0838F6FD32591539AB36D7,SHA256=9B8FF535E7CC6786D91FA1E074F770562BDCD0F7EF48250A053697CB38882823,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\vi-VN\MpAsDesc.dll.muiMD5=E0753E39A74376DA225485673DC44AE9,SHA256=307C6225372FBFC803CFE97572D94074C52B4D5B921262939D4CB520B2D5E92F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Right.plMD5=308E99E8CE51B44F1233E903914E9574,SHA256=5B8FE00D43D1A82A94D9975A6BEC230B25A324D9C4E2169A96FEAC2A04CB526E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ur-PK\mpuxagent.dll.muiMD5=FB71CCB9A55BE6903211A2553F550CC9,SHA256=23A8D16236CC0DDDBC324A3B64B85547D3DEF0BA555D64C988D43526ACBF2DA5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Overstru.plMD5=890BD4919820E44D4478749FE83DEF0F,SHA256=3763DBE4DB6D9E0B9EA943F9A08FB7B8394EAD71148B568F1AAEF34C10273AAA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000060531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:35.441{6F5BEE90-18C6-61E9-6E00-000000002102}3440C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-53.attackrange.local52446-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000060530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.503{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\NA.plMD5=A3BE5198EA7D209CDFE712EAF7BAADCB,SHA256=7B2DF97E1CADE88CBAD5FCC5F2496E4E83A5D996B38CBDB1C7FE32855D407204,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.502{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\uk-UA\mpuxagent.dll.muiMD5=E567348DFFB2A4822F03AB6031E470F0,SHA256=2F48C04BBB10082D3341BFD0B5AEEB1D1E9E7A7B3FCD7C2FDC6F43147CE4DCCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\LeftAndR.plMD5=8C5A09A5FACD886A7CA387CEE2BD5866,SHA256=CE8BCB65B7B185228CF18891769A4714E0A470A1635E17237658F1AB18B72745,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.489{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\uk-UA\MpAsDesc.dll.muiMD5=BD2BEB6FE7062E7441E9343977F951DF,SHA256=D27B62A1D7BB56CA93E090F41F173C346124EE867DD954EF6F269C90BCEE96E1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.489{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Left.plMD5=20E09732DA3EB910B5B7626EB53F2EED,SHA256=496E2DDEBBDA83D2502E80730FCD0347025DAB62EB99AF8427C2AE1569520D0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.471{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ug-CN\mpuxagent.dll.muiMD5=7EA1650BCDFAE680998A4BFCDC9DC7E2,SHA256=8C69BBF044DED1299182AE18F542580592200C06CD30A04C16BDCF388AE04D15,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.471{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\BottomAn.plMD5=1F585789D676D4A320812F62F7432A95,SHA256=0BC0957082672252334213287A351055BFC12531FAD8935C445ECA9229497EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.471{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tt-RU\mpuxagent.dll.muiMD5=A90BE8AE9BE190903F05BF5712AC00D6,SHA256=399CF9813A5C41D51F8A67BF38594E419F338074FE75DE39F6E1A2B217D465C9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.455{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tr-TR\mpuxagent.dll.muiMD5=E5746BFF43FFDE6F22726D8A3C55B359,SHA256=336D5B061F856216A91D36848FFAE9BF3B92E75C47C4009E0F4222536089A77A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.455{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\InPC\Bottom.plMD5=703168246B5EECB9CEC63731264F4941,SHA256=F0646AD84D12BAAF8E45EBC31EA23CA6B889D30D3BD0C0BB158B03F1613AEBFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.455{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tr-TR\MpEvMsg.dll.muiMD5=DD7CA24DB33DB7E0FE85004DB7CCCAAA,SHA256=BD949368CA4CB8843FEF082AF3FD30FC53B863902C202FB001606F1EFF9998A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.424{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\tr-TR\MpAsDesc.dll.muiMD5=4E2E2F66DAFADE0EF18A779E939E6925,SHA256=F747BEC5848F875A723F68DFB0107D7B1812A9860178B0CFFB4AA360C11AD58C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\9_0.plMD5=9839ED127C3F7B4D9C7A9CA841B977D2,SHA256=BA6B70BFC27E3634048071317AA80107A7337A34ED9C2CDD5BAA373DFBC0B732,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.424{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\8_0.plMD5=479A7C7A9035E943EFB10ED38BF65F91,SHA256=DCAE607A6BAE7FBE37645E1A043CFA8232FC10578796332C9259FE9E27F5D659,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\th-TH\mpuxagent.dll.muiMD5=4D62EFF18866F721FF0CAF0EF6A010BD,SHA256=CA6ED94A92BE5D0CC80775B3E6B6C0DD9C9988CD6A4C3B06841931BBBDB16922,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\7_0.plMD5=53B03752708AB4C2FFDC22CE430B0917,SHA256=9553C601F473B0F8A9C145D8F861C961E617A39F7651BEE816AF6E7FC360DC94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\th-TH\MpAsDesc.dll.muiMD5=2340C0D45E832BF04D8CCFF101ACEAAF,SHA256=A3CFFFD5E1BAB687121FD1DB2E2CD6F051A3A7603A3F2A860235B831AB58ACB4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_3.plMD5=49B6BD0B07BCFBBB1D98CCCB9779630F,SHA256=A210E0618CE1616C0D7C3438195F37FDB01870D56AB6A823A65DFFE065239474,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_2.plMD5=49F2456A147F7EEC25FC2F61418D46C3,SHA256=BDDF30B8ECBC8CA2879CF8D9E2BE579A2DDB5AD63CC6662679B33C3A4882E8E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.408{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\te-IN\mpuxagent.dll.muiMD5=E91AACF39AAAB709F9C83DB237FDB5A6,SHA256=5F4D20D9F3028F3DD5CB8E576197EB32648A3584716020D581F9499219BFA504,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_1.plMD5=59ACCEE59618F61C9D0BE6F654587D0C,SHA256=6280319ECE381E07CC58C583F6A1007685765EED3973DEDDAA9E562CB5CABD73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ta-IN\mpuxagent.dll.muiMD5=0C19EE18C124C7FEC312FD7820421284,SHA256=8C1875C00AD41E217448B0C600E67EA723BAB621458B6AF326D50758F320772C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\6_0.plMD5=52E31DDC6142BA01D42A81564350B37F,SHA256=69C0D71E23B32863F2CF618E24CC624633FA103DC6614F0DC64B60A83BF4156D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sv-SE\mpuxagent.dll.muiMD5=6DBF66E7553ADCDF6CBE512BE67081AF,SHA256=A18AB836593EB0BBFE63C6E12568B2EDEEDF7CD47C8BCADB39F06B696A555676,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sv-SE\MpEvMsg.dll.muiMD5=57DC0CEE83138B18C31EAA216C1F7E84,SHA256=A263FC60604A9C622DDAF84ECB93044F9CCF58BE849B5D3F131D522C55A9BA6A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.386{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\5_2.plMD5=C5106F08A93F02A8CB86DA6FB1B1DA8F,SHA256=2EFD41F29756DAF63C559E51A5D83ACEC0B6482942432C34C362060D7D53B24F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.370{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\5_1.plMD5=40C2E8E7E27EE1A469AA62F81453F990,SHA256=061E211CB926B952CFE33812D6CA598C91EDA1F7E38F61397E744D235DCB180C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.370{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sv-SE\MpAsDesc.dll.muiMD5=241952F5D2761C2C31313F378134D6C6,SHA256=EC6A416EABF4492DF0D09A85AD8C23F0AC85A4CE01F3535D2283B2CC93E215F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\5_0.plMD5=750A00EEB79A40BC68EB31744282DB84,SHA256=19D34EEB13E28A058DD55B52167D1D1CA92793153AB4DFE760EBA2A8F25C6BBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Latn-RS\mpuxagent.dll.muiMD5=8D1C0D1DC4BA076850622C57E43E108B,SHA256=373812B4F37D2738470A6DE2B5E8EEF04687E45BB7B8890EBBBC2ADF36FFB263,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Latn-RS\MpAsDesc.dll.muiMD5=3276EAD25D3BBDC52EE082C9DA1F0B7A,SHA256=98288AFDA6DA9EC145558FCDE25195F4B4FADCA581BA5D89B9EA5B511DC4987A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\4_1.plMD5=E0DE320C6A653F8CE29C00BB047F7EA3,SHA256=8D5987079C259120D4E4B50D1A6847C6F244CCFC89284E7C7914AD3DC0DEF439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Cyrl-RS\mpuxagent.dll.muiMD5=59C61E98E128E47DCC24978A1AB31409,SHA256=D8FF8490B51BC6A2FC9BE1941978C1685AF2CA1908C64A2FD02FC6139FABAF88,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\4_0.plMD5=A8F6E14E4FF406567C3242B761685995,SHA256=6C51BA8CE0190AC26F6738C7AFFE9883FB01752921D203B73F3C4145B6647878,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.355{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sr-Cyrl-BA\mpuxagent.dll.muiMD5=A10794F9AF078006A01637473AABAEEF,SHA256=6CF7B2D357B358AE91A377F972C5003F86524789629261D727D00898A0D1B757,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\3_2.plMD5=C920C368B3FF05DEA52C577100997FA1,SHA256=06F4E742E652CA6224C8A105672C4F32E95E0E6AF918A55289BF6A8279956915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sq-AL\mpuxagent.dll.muiMD5=D916D4AF97C23DA73920A239459136FF,SHA256=EE3DF61A91C0853698B6FBCF7FEBA3E7A49C1BA547B014BFD3AFD2B8F999FEA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\3_1.plMD5=929D3B68390505A42D7ABAC51C62DFFC,SHA256=2AA17BA109FE554EFECEE8EBE113ADD4C3EBBF71C74272E0E1DBE0C2404DDAD9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.339{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\3_0.plMD5=5D924BA91794FD423B12BCB5A14843B5,SHA256=0F7C1EA5272333A3FD4179C7A6C61FF8706EE464680E868A3158A08F046F2770,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sl-SI\mpuxagent.dll.muiMD5=588B3FADFD391714D259DA1E672D9A3C,SHA256=3F410A4E228C5768B8765B745B601E0F8BA011E9E9D3C8FF467464D9FC99DEDA,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sl-SI\MpAsDesc.dll.muiMD5=A877EDA9E896B92554B7575D4FC6601A,SHA256=2149D5A86DBE070E68EF2D82CB299CF51DB0793C915AD59202CD2A817444140F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\2_1.plMD5=D50F17A5526872D035B27E0AF7346EDD,SHA256=B5B53074EA47B85C36199C203E86D1BEF5D8AC38F42CD3771F248F72CD35D70D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sk-SK\mpuxagent.dll.muiMD5=C30FEA18E3BCEB2E57C234D3CC92BAE1,SHA256=BE6154269AD4C2EE16BFAD92B1C3D9C634B923AC9EECCD6B14338FB9253FF3D1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.324{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\2_0.plMD5=AD7DC6B207B43C740ED27507577608A5,SHA256=3C2C02DAD64FF7DA5A923454A1B62152181B86E5A9F7E3968B29F56EEB3D73ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\sk-SK\MpAsDesc.dll.muiMD5=ECEA9C1B9EB050C553C28960BC1E109C,SHA256=9F2595CA29A2C3225203AB4F7A2108F603143966643BD95F028C43D65A9AAB82,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\13_0.plMD5=49FDDCAF8C809EF42336ACD0662657D5,SHA256=9357C9AFE8AE5114C3006812ABC5E33B415C905D611442C30AD10F1C68CF3B47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\ProtectionManagement.dll.muiMD5=75A77AE10A0FB99EE3EBD99B3BEF5412,SHA256=F2817378A44DC6E0CE67E21029DC316156C01BF32026D82995701F5247FDC448,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\12_1.plMD5=A92ADAC8E088B878A540E433D3C96DB5,SHA256=B59008E9E9DA728F2AACB86CB6493A5EEE6502D46379E20A07963D6D279D8BE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\12_0.plMD5=A09819FB7FC6B6592FEFCCD8FC140C63,SHA256=3026BA6595AA625C851E24A73EC2CACF906636A9C3FE0EB73D81E946310229BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.308{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\mpuxagent.dll.muiMD5=E7C767FE0B6E6B8CA1FF9C857224A1E1,SHA256=724ECE305261A4909DC5B6F0A7713EFA870322C6E90A4DF8FA9FCF2413FB5647,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.307{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\MpEvMsg.dll.muiMD5=F5934A1A8B91FAC2B63903EF595B7201,SHA256=2FF8FB6EECBE5BF1964B6754993F2542EC5F15A36975C5D0374F69F9471F1C7A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\11_0.plMD5=E2EBAA4A7210C9EA17EF0AA401FA6360,SHA256=ACEBAA818D09B220C65B40880FF83F7E65C5AEB05BD577BD6D0D3408F9C5EF91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\In\10_0.plMD5=C016B2C148770A887E3A94A08E4A75EA,SHA256=93D748A7898A74946FA2FBFD7DC1D5926C4099E6D681C6AABF6EA42BF2BF9E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ru-RU\MpAsDesc.dll.muiMD5=3AB8F03931F8F8988E3C58C099CFCF9D,SHA256=D5BE49E26B6A65DE5F9B82E63A39D1F1E966DDF8B306529083F108353D3F1DB5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Uncommon.plMD5=24AFEE6288B22F1CD15B99EDE75DD18C,SHA256=D2637B79BCAD5710B6489B5335602040A1CBFDF6B29A8D4A4DC0BE5F57119663,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ro-RO\mpuxagent.dll.muiMD5=214D87A4AF663C8C760FCEDDC59DA045,SHA256=76AF67985AF5FBED62A98DE0AF174466BBDC1511D4175773D3CF970A98478532,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Technica.plMD5=792624B982F802D3DDCE015460989D77,SHA256=8B42A8B1566BBCB8E3FE85F85728F1E8B27F39AD658B35D223F26741D58BD163,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.278{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ro-RO\MpAsDesc.dll.muiMD5=54E5AA8B1250D21B6BBCEFEA9FDFF06D,SHA256=C9F6923AEB37BE5BF4BD9E44917059DE6A36AEAD2D6F803D9614BE6E8B20FD7D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Recommen.plMD5=BE202927EF82EFB83719A6BEF2E12D54,SHA256=E5104705FD4C5CB936EE4922EFB5195196E72D46D7978D4BF151BC64BD4D25EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Obsolete.plMD5=A5419C3E9395BC66F87EFD8613F6CB97,SHA256=6987B2E9808C85CD2F43F4BDB17F3FE0C8116F74B0C7AC6E1B994DC5D6BA7633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\quz-PE\mpuxagent.dll.muiMD5=AF9E03A136080D8875E7A0FC87EFCC67,SHA256=9CAF77442DE09FD6D31BAF6A3FC859C59BB42A8D070F04811C2FC1D8D4574F4A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\NotXID.plMD5=798BA5DE09A4E37029D323230CA3A89E,SHA256=5C09B9A91919D69A6FDDCBDD19AB7F31870C25281B7132FCA8DF65CD961BE3CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-PT\mpuxagent.dll.muiMD5=62450641571870F4F025BD852B775F82,SHA256=C5CB4EA73C2C8C031804BEB1975FA44131CAB267B5B31E962D9DAE4F5DD71422,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-PT\MpEvMsg.dll.muiMD5=2DFB712E1ECAABB598427216D41CEB2B,SHA256=4BECD14441BCD5188AA970E4BCFF00D15D0AC6066B2DDF99AC59856F16CF92B0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.263{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\NotNFKC.plMD5=A74DAECAB1656257B9C8DD81E8A80B67,SHA256=F1325FA2FA3131E7CFFB8F04CBD672D5A4543B8B128D66B96914A9D3C323ADDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-PT\MpAsDesc.dll.muiMD5=A0F78F251516E721DDBE311B363D92C3,SHA256=8B5BF06EE5FE05C305A4CB8DE23576CD5D1ABCB384B9F30A925F481A313CA5F7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\NotChara.plMD5=679FD17CC677D67E66F095F8FB1F4271,SHA256=5F5BB114C3A6608AAEDE37A06F681CB36F6D8F523D3E86AC2188DE677CDD5BEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\ProtectionManagement.dll.muiMD5=2F44A204BE50CA405B75C51CAE972551,SHA256=ABB117DE85064F1335D935AFA5A70ACD7139DB4027361C760844E116AB5A19E5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.247{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\LimitedU.plMD5=D3D5C1B44E458F4C0727DDCDBEC0838D,SHA256=E401CA7B8BA79F7FA62CD0436E72AA15D108E074C3D4E94D1220C27FC7E059E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\mpuxagent.dll.muiMD5=8F7A4D1BA20EC5FE22AB8F72E492780B,SHA256=5FEDF83BD8CCB5BBD1C3E2E06F3D0E9722BFFDE4B52A3CF89F4FF721104A1EA5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Inclusio.plMD5=E63C41F90CAD182EB6E2B4D6532086F9,SHA256=FAC3A65BA3F8F13FA04D33F49BA2456F6EC94AC30E1B8DDF4BC4A6C4F5CE2496,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\MpEvMsg.dll.muiMD5=9E6582193C80680C38B48DDAE28368D6,SHA256=E22ECE4D4B21E5A323D9217655A514C699E8EDFC036F698DA92FCBC3DADA51C7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pt-BR\MpAsDesc.dll.muiMD5=6567DAADB6EA86B36540B2D690DF98B5,SHA256=CE581EABC6805A2FCB9CF2B44EB37F9257EF614DA53EE1BEEACC00EFEE5423A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.231{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\Exclusio.plMD5=9C1CE49A186C725AD48B669DA1A048AA,SHA256=69BA81B3CE94D3054C41F45228B87A039FDDA4676F26B667218858EEC71283CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdType\DefaultI.plMD5=22C86840FD7CFE7CFFCF96A69F53FA49,SHA256=0FCC9C004E9A5AB94609A414649499DA6E27787A9A7D14344219903FF5546049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpWDOScan.cdxmlMD5=D9A490F7F4B69F4F154F0512AF068FCE,SHA256=C97EC11395B35AA1294293453A4BA33ACE50E9687F6BD5A5DE9137A18119EE6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdStatus\Restrict.plMD5=F1F8EA11D5DBD2CF91361DFDF5E12ADF,SHA256=D163EF545477E1BBF059C45861A725693C1B756096A9938C35197158A867D50F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpThreatDetection.cdxmlMD5=89E9A865E87A4DCBBB7EA722195B72AE,SHA256=83727671BC4154E7FA2F2D1373FF6842AFADBFA485A051302B822C3C1DDB6E07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IdStatus\Allowed.plMD5=6F7F6009C38B4B8052894AEBF0B507DD,SHA256=054CBE170B9C156424B43244CBB7CB36AFA12124163DF3E5F7EA022A3BF065F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.216{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpThreatCatalog.cdxmlMD5=0322C1453159DE2333C83329D4258699,SHA256=8639754D6DB93FD8A4AABF06B87D218B9DE9270458BE1E6A38FE0A0402E97FCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IDS\Y.plMD5=867932AC8BF2870C6AC6F6A993EF952B,SHA256=4F68F3F68162C795D71A5B40BD0C5F080BF96808CAEB2660874FE8C186D98FDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpThreat.cdxmlMD5=368447630A1F29A15B337DDEA1847A45,SHA256=4D7049ECCAE3970C041C5F70DA78C465CC90A5BCEC1C02D5F6CAFBBEBA1BCC52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpSignature.cdxmlMD5=951AD18618A18F2EBC0C38A7CF2D48DB,SHA256=20F13DFFF8DB3B358650FF1D7FE33AE6AAC0A2884DFE764BDDA2C9EDE64409EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.200{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Ideo\Y.plMD5=4A365DA6DE125A2319444B34447D9864,SHA256=32C288EC4B0E0DA6121E3C33B3CC340F8AD1951613CE293C3C899AB36142AD9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.198{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpScan.cdxmlMD5=D414B25B1D087BB77AE36A7FB648D1B8,SHA256=40BD053A87DDC3B144350935BE16F2E8AF332877A55ADB8CB5716516AB897B5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\IDC\Y.plMD5=F450351F3097BC85D2624F51E0162A28,SHA256=6D5384C5B724110DF1E4CF79AE7A8927277622D7001AF970B23E637CFB95722A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.196{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPreference.cdxmlMD5=693890B31D01CABB17199EBA4CDFAD6E,SHA256=49508780628ACE108561DFB27B62CF918F669770AEB4F77A7C276C7F5E89AA64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Hyphen\T.plMD5=19D229CCFA8136CAD00C05E98C8C996A,SHA256=7EE531585E711652B0A30A9C74CEEA600AAB5DF7A3F1E1A46C5FC0010ACA16CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPerformanceReport.Format.ps1xmlMD5=5224C879069533594F957182C54598A1,SHA256=9533C120C1B00477DDE88A52629358D5BAF04AC714CE9563258B073AACF193AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Hst\NA.plMD5=9FE863DB4392FE5F79BE9F8DE7C0151F,SHA256=46B93D3511396ADC25755CFAC5C880B5BC917E2C07E6992DF16884B607AE0EBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Hex\Y.plMD5=7E6319E52A920C5C5AE231B78524016E,SHA256=CD74186A806A03B2EFF1D2655DE719C54F88B0B0F249475F1E3662891E37C95B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.178{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPerformanceRecording.wprpMD5=990729AD92C1325C42B04BC975ECBD57,SHA256=E796454FEE4CF17EFDC25DB5FEEF00A5D7C1B335E6C4B4FE996E8AD7CAB01BC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpPerformanceRecording.psm1MD5=F6944971576646F5A0CCCA406155FF7F,SHA256=6E933F757FCFD5FDAFF4DA1B02BA8104273F621B3CB67C6CEA0F12019B27D519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GrExt\Y.plMD5=2A1DA0456836E54F0D840C09E18295A7,SHA256=72AB273EB12899CA3F19AF27FB0D1050F7EE305177F1360284A2ECDCB73DC69F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\MSFT_MpComputerStatus.cdxmlMD5=4EE29D71C991316C509F2704E1898CC1,SHA256=01845DA368E6EA6813F552D37ADB74F2DE1306A093EA8F0754A15A585D2D2E49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\Powershell\Defender.psd1MD5=A984FBCDCCB917E0E6E19368C1CE6407,SHA256=7F2DC7F16F71411336A102A1F16228A65A137DCD592F0812AFE9D33DC5F67F86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pl-PL\mpuxagent.dll.muiMD5=11638D258F50151829917FE996BA2ABC,SHA256=1389C318748423ACCDA73AF1E6190A1AAAA8C22A2C86E3C03AF16BF1D0155630,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GrBase\Y.plMD5=8BBCC647A0FE5BE43384DC7CEDC1E0FC,SHA256=196D156AF9E52AA1A43A05B61924AD53BA2B579CED09054BDBC1BC13E0BAF03F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.163{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\XX.plMD5=5451930A28697B8AF864BF2A1B5C38F7,SHA256=1505A2AF8A61AD275839008B9B9ADA1A35470097CCA8AE814F0E633C05355D93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pl-PL\MpEvMsg.dll.muiMD5=761C0CBA4336B12A5AA0F2C880627F8E,SHA256=9A5528DFA98B2C431A01DFC430B782FCEE2A3E0B66DD001821D3EB7A584BFFDD,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\SM.plMD5=8EC6F1F54C327FEBA8AD212B4DA572B2,SHA256=B1DA02D1C3FC35F9A3E1EB037A96F535A0477DCA18B9DECD9E6F73FBB1011DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pl-PL\MpAsDesc.dll.muiMD5=B401083F2A501DA8336270EFC4A7C2B7,SHA256=42492C00E42DC745EACB8762A322EDB07FAFA8B75CA4F86B5AB296E01F5B5731,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\PP.plMD5=02E044997BCA136AB71C2DEB6D04D3FE,SHA256=9626C0B0CD970DCE656EC14840712EBA91EFD1F7D34AB46A6B706AD429A3CADE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\pa-IN\mpuxagent.dll.muiMD5=4C850541D6D5FCD22D7EDDD326237592,SHA256=BCF712B90946EE922B6006B6AE2CB06C63F5759859D4ED8C33C193D3BF85D929,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\LVT.plMD5=75DC6541A3369B065238D13375BBA547,SHA256=76A3C76661856B9CD31306F3CF72C72674A6EE1E37A7D64BEEBC47D3A1063F02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.147{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\or-IN\mpuxagent.dll.muiMD5=67F1E4690049BF45075F47F5FDC3CBA5,SHA256=BAF327C320A2DF51ED3587970E24A63D15AEC602C8A04D737AF544D90A49F542,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\LV.plMD5=A22EE91005FE324AFFF6364C0915091B,SHA256=D8E07D266E2C7445CD6D3E66A7DDDF12E5F137AD01F72227B5088838778C9E67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nn-NO\mpuxagent.dll.muiMD5=1A054A4D4664B53B1E7CF3D41D636D81,SHA256=C8810C2B9C2F9A2CFAC2F796F3ECD08194CAFF4426F82306A8DFCF6CB55F768D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\EX.plMD5=F8D16CE86A782AF8B2DC5BFDA50AA43F,SHA256=690B8F88D9907258E33EC8598D88A2CF36C9CE8D89C47B5475012C486A3ED424,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nl-NL\mpuxagent.dll.muiMD5=7E55F07806CDF92BB8E4A9F9A08AD113,SHA256=B04D0987135C5BE091154DE260E9656251A9FE56B858F6D7CCB7B8377CFE8CDB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nl-NL\MpEvMsg.dll.muiMD5=C7B03BDBE1B44F1E4D1A5CB31B0E3D48,SHA256=AEBEBF2E049BF6363458C8C27BAF50A5C3B5EC0306220A776E8B9E0042006FD4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\GCB\CN.plMD5=B78961F94ED8EFE17A6C356AA451C07B,SHA256=4B1204DF7533EF5EB41143C3B03715AC138617B6C8A644B01623BEA7C9EAD2D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nl-NL\MpAsDesc.dll.muiMD5=2BFAB6AB228DB7C31EA1375C9387AC2E,SHA256=812C33C9F36C5B59B7EA8CDAAB72FA3C9E73C2A2510D09C951294DBC324288A2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.131{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Zs.plMD5=6DCA80F1572F8903BE18341AE5289BB8,SHA256=20744FB476772B5671D4F95A083C5C8EEB37A9797910AE2D6B007989F06A4685,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ne-NP\mpuxagent.dll.muiMD5=BDA62FF800DC54E78BE512A9817296A1,SHA256=8D9C952CC6DEA5BB24C28F020CE008800234D410202294D91978D26A73F9B7DF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Z.plMD5=1F8FD10D96158CD3D0388BF5C929223D,SHA256=80EF818E53B43309AE91408069B8B30EAC80160783DC58C7715543EB8F7AD969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nb-NO\mpuxagent.dll.muiMD5=9C2A110EAA6FC97E3C5DA47646644808,SHA256=17252AFC4ACC242594F4B7E3658A46D42B613C3A44812F02FB493325C04ED4CE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\So.plMD5=6238420908932C6E1362F4E41AC20E84,SHA256=4B85716DC60A8FA18E7FF2616167DBBA80B94FDF27F94DFF5A3B457C436B8675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nb-NO\MpEvMsg.dll.muiMD5=274F55B1372D0E00476F7317A6B18102,SHA256=D2F6EDD39F099DB01F16BB9FCE879BF5B3CC0D0E9D92452386CFF1FC48054B13,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.116{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\nb-NO\MpAsDesc.dll.muiMD5=7B7FA41F68671935365EB91EEA46CC3E,SHA256=7FE884436AFC67314E91AC08E437455E9D65A19E69A357AA4C8731F48A67A46C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Sm.plMD5=03C95808D07CF7216AB71C3F51D51A98,SHA256=55D097C8312D261546E1B04C33F77AAF504C8A2816FAA0E000EDEAC5DA398470,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Sk.plMD5=B236361FA4D32C5498AFA6C75DFC3B3E,SHA256=06F2AAA4FBB77ED1085EFC1827B4F8F389978F56BF7F765B2D5ECEBAD132D424,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mt-MT\mpuxagent.dll.muiMD5=ED84C38AA2B7F9ABEC006A9FEBFE7EF6,SHA256=91F2CD6856DBD5355DD686D174273338689751DCEFB222BFB483A7B8A780A0DE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Sc.plMD5=32F696B18823CC2B90B3B16F0CB3F6F9,SHA256=F1C6B11EDC04A11D0A94E9EE7B851354263804A447BBB89D5B73D34F88664DF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.100{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ms-MY\mpuxagent.dll.muiMD5=100C8A0F6C65E7E8758F4C21D343843B,SHA256=F8CEF87FED4E8A4A81E6730051EC7E5AEAC9C3D0A0C92A02122BEDCAAAFD2E1C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.099{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\S.plMD5=D9D65A9A106E4143010A4138C5320BF1,SHA256=A0B5E28796A2720253F82A35953D5F6B26B28B7AE2FE542E6075155D1BB3F83C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.097{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mr-IN\mpuxagent.dll.muiMD5=0357ED34E45AC638376BCCB20686B007,SHA256=98B9926F73522499889C87DBDAB469584D3F1F227643D89673A4C615C4DC69C1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ml-IN\mpuxagent.dll.muiMD5=8152B5AE1D28F86FA4676D490C629B73,SHA256=E96B27DA4251B080A70E1BA9FB3FDF5A75E5893F64141019953CFA5979A20F3D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Ps.plMD5=A2CB44AF1657553B17978C5D1F44C831,SHA256=F19B37245973EDD504284FC202AF70F3672CF56207F26351B41EECD61FE16B95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mk-MK\mpuxagent.dll.muiMD5=E8E3CC331E4C2ED9110E6C482156859E,SHA256=AF9A7B8178531DBC899382AD925A341DEB154DFF92CB7AFD2B9040B3DCCEE6D0,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Po.plMD5=E1F93CB5E58411B2EC1C3A3685F19477,SHA256=342A4F1BC16F7EB0B9723406FB493BD083FC8826D2B57076A77A288B0BB134D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\mi-NZ\mpuxagent.dll.muiMD5=DC1C80F841F208EA10819F7E98B8E318,SHA256=780D728F4432C48AD9FE89CDCFD763E0B4DDF55B96A5B7DE4DDFA4CF0006FEE4,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pi.plMD5=CDAC247D2206BE0F1D0E89C24FE107E2,SHA256=16AD95E281DD566F4FE10F261A9D2345EF3BEE2B54F34C29E6AB693D11800AF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lv-LV\mpuxagent.dll.muiMD5=8715A0A82126811B284BEB7048C9EE9C,SHA256=379B83B23F5251396461C2184AD74B2FF6C80ED83286DC35B072F42CDEBD4404,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pf.plMD5=3FE71CE64C198253D2C00FF28A8FDA8E,SHA256=D4ADC816454C5B7CDBFBC8EDF84A9FD9626C80FFF50812864E20D37FB659AE1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.078{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lv-LV\MpAsDesc.dll.muiMD5=83EEA5727866C15FB534F7E793E9C422,SHA256=8CF18A0DF4955161E083B2D206D18FE559F546E63DDD8AAD95D6CF3743D9872A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pe.plMD5=69644E3726828D9CE843C8763A220B5A,SHA256=342F71B0B3EDF791071C107B78CFFCD50C261EFDB3A18DF8784BA9AAF897B7DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lt-LT\mpuxagent.dll.muiMD5=0BD46E92BFA8B571696B42AFA026A788,SHA256=A0064AF8E8B9ACF8F0FD5EAF6C44ACDD0A5089CC4046302C4C2D878A83A9F2D1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lt-LT\MpAsDesc.dll.muiMD5=D0B875F11FE3E603D76BAA308C4A698C,SHA256=0C02077626100E0BF153A0B368616B0A0BD4D72AEB566776E6C86010800C507B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pd.plMD5=336E807E5922D3DBC39998708527ACD9,SHA256=F5A922512519EA682CFA49542B8E5C9C256798B4289347D473AFDE8B79CA9B56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lo-LA\mpuxagent.dll.muiMD5=4F4D5B43666B5DD91A0E6B68FCCA841F,SHA256=460E8072BF289928CE8F1C3B12C37C4B7DBF764EAA39620425B6F9B1D753C9BE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Pc.plMD5=E9C1180537B87B430EA03D2CF64D83C4,SHA256=536B78775C75CB33EEBA5AC9E1A5AC84E9695406BE294495571C7B442E458AE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.062{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\lb-LU\mpuxagent.dll.muiMD5=1F27380ABC9C4F1760B64C8255C7B851,SHA256=3DB7134485EE1187D68E438EB417B621F207941FB7754856E5F8E33298B64CDB,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\P.plMD5=D5F2C68E3EB7C534F45BE10E7FEFF27E,SHA256=64B5303CE6C51831BE983EDA5D407BAB06201EA67C33F435D3C2048325A22F5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\kok-IN\mpuxagent.dll.muiMD5=15737A6D66877C827870F413C742A329,SHA256=863B211AAECB3C2DED40E92C0953300F9DF8F03F86F4A422A878BC159057E8DE,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\No.plMD5=86A18AD0B042AE412562FD63CB6489A2,SHA256=5921C8D22D439963E4B05316BBBA5B5F3BB5836FAE73B57568F46421B8DF7E1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\ProtectionManagement.dll.muiMD5=661008A5CACA2888CE61A460FD39DD4A,SHA256=44A0C02B1332E44AAD10A96916B50CD7D75F4B85F487A33EAF93C19E613373CC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.047{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Nl.plMD5=A00D58691C6B8D07160C0392F0CD311D,SHA256=E8F30F96503C44508EB2101D0B909293B2284CF3F040428494833E0CED93BC57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Nd.plMD5=BA7711D13EF3DB9DC02977F4CE952A2E,SHA256=C7DA75A3CABA0E94614BC42C21082CCE764C0B7F617161E63EDFC673B44361D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\mpuxagent.dll.muiMD5=B184E8EC7AC67130DDE049B092D78E10,SHA256=A6B341E148C9DB03E3FA5358E9413F3FA3453AE7F48F978827124E846D1679F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\N.plMD5=6CDC5D5E8B5C39BB79ECAEA85F34C910,SHA256=D45BE3C4CCE4C70A4FA7BC94FF621ADB90DDABCA7E1488BDA393CBC09B72C6E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\MpEvMsg.dll.muiMD5=07D2FBE82A3409F1C9B831AD58888E49,SHA256=F4A1F7766CE3A5F62A3399056C05F4E9EFBBA08D6534DD1826BDBE4A5F1B6C26,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Mn.plMD5=1F4141C6F8C8B925967121393EA50B90,SHA256=A8F13BB544548FA79E6CF73888CA365BBC140DC9A07A715F7F58C9A3CFCD08FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.031{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ko-KR\MpAsDesc.dll.muiMD5=C90D96FC52F760C48925D72D1400F37E,SHA256=77FDC8A8421A1D89E3875A79C3ACA574AEB79248B03D04001722709F37DF48B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Me.plMD5=4115C46B5FC241477F7916864AB19E89,SHA256=CDB20C58E91260B844A9A23775F1829284BD3BB1D41EFF9B5DD324B963E8094C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\kn-IN\mpuxagent.dll.muiMD5=7DD43D571370DE5ACDAC23F06DA931FD,SHA256=535843FF64ED6D4B35B3ABABB450F047095A6A89CAC67AF3C90FFF8DF48EF2AC,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\km-KH\mpuxagent.dll.muiMD5=222698F0A8FDB2DB3C4594C96F88D06D,SHA256=1D325D6928C049E7AC1F00D49A4101AECE1485EAC92C1708480057880B759E2D,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\kk-KZ\mpuxagent.dll.muiMD5=E686D76F881048AE5FBC203371C3C5AE,SHA256=DD171656AF7165FCD5055C360805A29BE92346894D57A8FCE4D821324D20BED9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ka-GE\mpuxagent.dll.muiMD5=1327C783EF90968165AA47F93277F5CA,SHA256=D6A461F6F468CAE22E658B67DD1CD5F7386AC09E01BC4423BF0014C1A441487F,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Mc.plMD5=A572999E218B89771BE9D4A35947A5C7,SHA256=748C06F8FFB2E5EE0317DB039086968BF7D8AE831D57467199BF9EA48C3EF7A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.015{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\ProtectionManagement.dll.muiMD5=016C9D563CCE5D2B4176C2709188D418,SHA256=CB5330A576444D21C9CF949804E652C9DDCD9D6645B867C0B6D040C41704F302,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\M.plMD5=49ED483CBF246EBB1A0A571646177741,SHA256=3EFBA05EED2494168197F978D70B029A41F498BF019C64013775FB5670FC835F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\mpuxagent.dll.muiMD5=36CBA59B6BD0814A082660074A450C8E,SHA256=0F684185EE9E428EA9F2CCB51179E7C7A5D79E4F08551AABA4F7B727945012F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Lu.plMD5=91F0F0904BC2BD4E03F1880B39AFE865,SHA256=D62ED24640807B87B1534BCB9BFC3FBB58943E6810644B7A48C60A2D140AA11A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\MpEvMsg.dll.muiMD5=3C0F43A583E39BD19364248B99976272,SHA256=2ADCB156C8FA238B255C91BA6BDF8A00E5FBF9B1065B1565238898BFA1EC7099,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Gc\Lo.plMD5=83DAF2D553E215A5DFAB08310371E417,SHA256=3D92C52C7937DA82D57AC72CB0061000BB4834F8026DDA04671F95D528E2FA43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:36.000{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ja-JP\MpAsDesc.dll.muiMD5=B5F06A74EC5CE97265CEB51C02A32E73,SHA256=3AE75A9C93E42FA79FF56AAE113CC205F4AA47A70F0432FE25D36503B7EED7A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000031810Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:36.800{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5F5A8DB9ABBD89F45A229D34CA3E8F9,SHA256=47FEBEBA5B0BB133390247CD8138DC6109783CC39D3F7D5080ABCB8FF8D4119D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.988{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\LE.plMD5=B0F08F5F6BD7DC3CB152AA126A351913,SHA256=B9A56AB8B46DBF2318B04956A88C679168722069DC902EDE588ADC7D05A71A03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.988{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\A4\A4BF3C62D5997AACD71E8754DB2F62B6443C58CAMD5=81102DB41ABA1759906575427A34B05E,SHA256=B0A32E078403E58DA7907F8A1B93269B1576E73ED85669744D8D286518F570BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.973{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\FO.plMD5=1A9BCF772A81AC53DFEADC0262C95A8C,SHA256=BCA40E79E1F724C82EB90D293FED1ACF683BA8C3B496660BEF44E1FBBDE57646,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\EX.plMD5=D2F71B4B49E119436AB87CBE59E81195,SHA256=30AA0D5A42833287395960E2ADB9D116F9AA3FBC2C23CE41E197B8F48970AD71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.957{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\CL.plMD5=0996FB18ED9094DFA429E2C5D196C7C7,SHA256=B625533E6BF0BB1C97D6BDBCE4A033930374104C310DF0B9BB7353ACA6F8AEFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.942{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\AT.plMD5=2DC4C5354D02B82519F35CE8920FAE33,SHA256=69E3CF8C6A56CC5B730FF0461EF57B9123E965A01C38B4B9BA4A06AF09AF16F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.926{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\QMark\Y.plMD5=79BEED6D714CE9CF5E237B9D05BCB1C5,SHA256=8E53DA41BB32583845459ABB45FED3D4DDE3C8A99D915F63958364E8520CE5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.908{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlQuo.plMD5=CF7A35EBFBA1D8159E511DDFC755EEB2,SHA256=6A8F0F436A1B4370F19CC113985733312EB02AE3A8718C08586D156D74ACDC56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.904{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlPro.plMD5=A5F908172056AD750654E64EB94D4662,SHA256=8FB079919DF94640ACBD7C99F958A98EA5CA47C68741DF0A3E3757DF1E834E03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlPr2.plMD5=1849288683AD7F679529C084360B3460,SHA256=3A10CAF5EB4E796B525B76F9D969297DB0FA2E56549EA6B540A1C857CC0BF73B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.889{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlPat.plMD5=2CFC39C59C0EDDB7CB7C9B74F73EE92A,SHA256=03FBC37397587F3249FE6440F9AA538F965EE3477157F11C358C54F5B4BB12E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlNch.plMD5=A5245441721F4A9A54B7DCBEB96CEC53,SHA256=20F7C3633096D8A41589EA544B527BFF0C1DBF7EC9FD2DE13A9F4F21AA401FC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlIsI.plMD5=6D22F44C0DA0CCEC3F2012BB1BDC323E,SHA256=EE420B7E6ACF8C658DB2FCC7CB40BACFCC01B4AC9E21DDAFACC1858B10445D49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.873{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlIDS.plMD5=1098ADC7A0104C1B535C397BD74B1BE2,SHA256=D588D66B2778F41D4F45F45284823FFCCE838A1E80B04C8F0B75D73B1C8E3C37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlIDC.plMD5=8A02DBEB06FD40EA3E2387FCA01231BC,SHA256=434830011DDFD901F7BF964EBFECBBC7E3C473EDAFEB5B1C9B5D2CD0A9576CD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlFol.plMD5=9FA0FFCC087431859459836AA6E6CE4D,SHA256=6D814EB9E302923812CB56290320DEE676447742B41ECE74CF86BA822C6D1B50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlCha.plMD5=F5A27176B06DD8F33E29D1E781716F40,SHA256=A3BFEEC92B2F47A220EC858A895DE36069E50C9446FD37E0E25D70716AD8525E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.857{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlCh2.plMD5=175BBE41096CE05AEE77C670D2A90527,SHA256=DC711D2B9826ABBE7EA886B8CE3EB247EE27033CA9863396460DCAE1B15AACA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\_PerlAny.plMD5=3FD806F871A774CCE76F182A00261EB2,SHA256=DD8E8C5399C509AEC084D3CEA1E16D0AAD280BDF5868DAD02430BDF220D534DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\XPosixPu.plMD5=0B175D70BF44D5FBEFFFADDFF2DB0BAA,SHA256=25C154355DF061760CB91D8D0E7CC3563ADC18B492867187E464A487ED32C12B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Word.plMD5=38F39741DE0221A46E39AE8F6A0CE5C2,SHA256=BE905A740567A664775A1D3641C164475C18B07F5AB01E056BB0E5BDE0537DF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\9B\9B38C71E6E2B3B27351A904AC029F2834E0D25BEMD5=AE32B9E77C04EE95B05F1F0ECD75CDDD,SHA256=031DFCFCD6E85A6248D878A03048AAFC4870D1D964451FE12674C80B5E2B7E99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.842{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Title.plMD5=0B75335852E9CF8905C219A3A38C295A,SHA256=0AFD59E488DD7AF3D42D85B5BEEF83EB4317B4E4926F3B6F7C44270B46C0B994,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\SpacePer.plMD5=56B95DA24753C494F53C1B618486772C,SHA256=6C05F7F09CD8C9DAF05519BA63C2B27613F22498711A738B1015A657CB5394A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\7D\7DF74B418160C15C90B31407CC76BFD757FFBE59MD5=35093B7AF4C34C52E4C5873CFE5BCA33,SHA256=C3E66A496C67784080A04EC4A0C1102D80B2EA94DACB6EF9C7BCF205F9B51B89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Print.plMD5=F1528445487254C59876102E10D02087,SHA256=8CB4BAA84443B44E1F1EFC4D721079373B1219E8AF910A7B04C5FA1D5CADA37B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.826{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\PosixPun.plMD5=C8D03570B9E42D6F369BB0CBC010AC4E,SHA256=851DCEEAF224EACBDFD17B792F33712E482E09954BFB0142DCF8F9C9E04FD6A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.810{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\PerlWord.plMD5=991A2BDE15927F67E1976DE31B9FFF17,SHA256=EB95EDF3C82DD0B4AB42310E6240D892B7F7876B4F8B9D32CB03B7DAABA0C3E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.808{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Graph.plMD5=1765251CBDA946D39C79ACD4B426B1A1,SHA256=F10222103C26BB2A838AB0552CEA86056141BDA301A37C52C39D654D36361313,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.789{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Blank.plMD5=4E1A9B66BDF2043A5EFD5CE74BC527DC,SHA256=1615557F670F9376066955CC612D725213E82EEECDCE9AA80D998DE675379DCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.789{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Assigned.plMD5=58E16FA8CA3FE4F2A16B828EBE22277B,SHA256=E8E5A02C602B797A37B7AF44D2E5DA61D05F547BB013C42509EE6B2E92EF7C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.789{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Perl\Alnum.plMD5=9DE3B219C05550649217B3709C6F1BA2,SHA256=831067F852BFD900E5B69C1940279468764DEE5CB267610B672FD41645089427,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.773{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\PCM\Y.plMD5=823CB8BF40E5E0BF2C965E6150F81F0D,SHA256=0B9F59486772A0FCE001326E985B241CA3495297ACF6E33261D5D11747C4B3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\PatSyn\Y.plMD5=29C90583CA79E0460362E10F84F6A350,SHA256=C5B0FF269F1BE5A6AF9688283F5F763FE514068AA47D446914AB8565BB673A50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\90000.plMD5=4D5DA9F549447AD209F94EE534BF433C,SHA256=51B89D61085107164BC8179892DB4D972C32BFD0C91465FDBADA0153B0F9814A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\6A\6A9287E3C515614D3797D35528011E0754C1EAB5MD5=2947C8305D120E32B1A67A0ACB763AFC,SHA256=40FB5672CEDB126B3D70CB7C19DC29C6ADAFF1FCA07337165F77E1218D8DBFE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.757{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\9000.plMD5=6521A500609BDCDD90A61B07C0E804E0,SHA256=33D770CB1F9D95E304B581DBD5F785B346A41226E0648DF194099D60AB0B38A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.742{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\56\563338B189DE230AEDF51B69E6D1601FBA40292DMD5=BA21D88A5B03019D57E5DDABA751F931,SHA256=404F56C4179E59685D3020456632AABF0DEE13D9AC40FDE389DDDCDC1ABD8D02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.742{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\900.plMD5=B70544FAEA26EA547C9E74134BAC1B49,SHA256=2D0BF26BE06288D5C7AABFDE27006AFE05308E15BA26A259B16952613734D1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.726{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\52\52FBD0186882E6605124DFB4758D4E3508EEAFF8MD5=5A0D116CDECC94A66F6E8C1C6B14994C,SHA256=8F9CF0CC15EAD240BA34EA64CA520D5E092316A9984F87AC66171DEDF129F712,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\90.plMD5=BEDBE9C7420AAF99BAFE5AAA428E6F55,SHA256=E8B4BAB9F4DD02A717EEDAA1D3998C1EC614487EF52752D4A03CCBB5FFC29D75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.726{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\9.plMD5=02F12923564114F24AA0AA39F0D03A49,SHA256=D510E0FB70E693632E0EB2B3E75755DDDD1D88F3DAC6119B0FE7B3ACE079C073,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.710{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\80000.plMD5=1042ABBFAFCED2456BB3F1050B533B16,SHA256=2BC62D8C091BF79F9B4EBF13A4AE98CCA3B1B677C1D96934D43722D448F885D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.707{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\8000.plMD5=6853D01A66B42FE15135FAF82016270C,SHA256=038EF91FA873E3E43983136BA046A33C82F36D73E189DE28B2EA41B90B172854,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.689{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\800.plMD5=7539D0C59B2AD397FB93F36E503439B6,SHA256=6791157E833A7C7247BFBAE64374B31F5150D4E812C4529A90AA72BB98920DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.689{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\80.plMD5=DEAEC4236D3C3C8D64553FBABB38A19C,SHA256=4A662F1FCA4993C6065AF307AB4480EB10AA9A17ACB423E4069D2F8ADA569811,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.673{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\8.plMD5=F6997B6D8936ADDBB37DC4C1816D691D,SHA256=7284740F47DAD25B610D3A1530355094777CDEAB8453B1722EC47E76A9419FAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.673{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\70000.plMD5=BF523F7843B460572631E04B07B6A5F5,SHA256=6FD85FCAEA8720C8FFD23CD53952CDDF4A5489B440B01C93AAC6E85933111AD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.657{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\7000.plMD5=5BF0204E7E479C2AE253D5194F286903,SHA256=7FD5418EC1C71B599F8331D05DDA6A34AFCF5DABE6C2F41583765C61D0FE774C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.642{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\700.plMD5=8184F584E5043C9D1EECD0C4BF9DC4C1,SHA256=74BBA087D72873E875709695282BBAD75CABEEC113CE00A4A3B5F78E7D327C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.642{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\70.plMD5=83ADC2C265F1927A691D61D4111B04CF,SHA256=F47DC70C4240FBF36E5DFBDC73B3869551346F004DBD0136A8A4A711C0A2A863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\7.plMD5=2995883D826F8BE7CDDEFAD79E6633B8,SHA256=50B7F796D5144648A7D7A6889AD928FC7DDA00C835BB3F7BE5F5280A0FAC89D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\60000.plMD5=7CF0F680E7436579A251763D4B7F9F3C,SHA256=EBFFB4884E1368CD203F9541471F47DF334DE58138A5CAA8149C4100BF242F21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.626{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\6000.plMD5=9A839FB7D4A0CBD2B92938EED1B995A9,SHA256=1FA633A3A3CC6DA0521588D13F6770E7DCDB2798EA605DEC7F8804CD34A365F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.610{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\600.plMD5=EBF7E2421766F5B1B834138A3FC499CA,SHA256=17A5A5DA420DB90AB5B4C17E7B96F5901F6C82813A8D1DC8F0D472F2C46448B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\60.plMD5=5EBB3738B2551496684E7C0192B89356,SHA256=4D6098B627C5716E7B6E853199517CCBF013B714AF4D7A8A96583391AEF44147,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\6.plMD5=828D1DBE34D57E7B41F7DF88F1BCDAD4,SHA256=F22CE6775B2E36CAF2B42338AF5DE80DD7E4BA0607635B1B6C314FBAB9DFB11A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.589{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\50000.plMD5=BC69545A40778A9EA725FC9708AC8EB9,SHA256=32465E42517616AD38505723851AAD42F0EF0BDD04715CD3958A86319E9481FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.573{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\5000.plMD5=54FE3C4898BFB3B1A0D064B782B846A0,SHA256=9580D9FF364091715DF41B7019C75C115BBA428FABC88CC8721A661D1537E0C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\500.plMD5=36CBC81A32691AB7AE10825870C4E5D7,SHA256=6000EB2277CD1524DEDCFCE8EF2105F8BF717AD7FD85FA5FCC907C9970CBCBAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\50.plMD5=F87DAB392BAD32744BC7CE0E44BF104A,SHA256=3F5E923D8D8F72E2D6CEE397A94E4A829CA5F06AA7D705E318BEB3A6E962E49F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\5.plMD5=F6E233DDB8C4349F77112A2B22F96CC2,SHA256=0BC27536CDDF3255E95F9F4D7651173AFB0F9E30B9CE6746096C77FF4A6E869D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\51\51C8A99C2ED44DE841C49BE026604ED72AA95822MD5=E63BE643CD57EAA3E04C7F8082974FF3,SHA256=EC9F91DF46923BC8EFFA3603DEEE383956953C6BFFF543D160DE997E8BA8FCDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.557{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\40000.plMD5=B30610825D8D58F0345364B0F5693538,SHA256=06FD8A0392610679F5580DDFEA34442DF65D050D72A6EF0B09E773AB9311D23D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\4000.plMD5=C2D24B172AC62FAB323A83E9FE36417E,SHA256=D37D8AD6DB8F5B480B5FA1669506FF702B101D7F18876118307EA286A3B47DFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.542{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\400.plMD5=9C9E33E3311A8946A9C72F989A157E53,SHA256=D2A097CC7D0E096B24A8007AA49BDB044DF9F30B6BAE1CCF857F22C6DF1C2909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.542{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\39\39A7038115AD1E578B15DD9FCB7772C1A83A898EMD5=9D4E0789C0B4D9F59E55C6BB0C80680D,SHA256=CDA8A8380396CAA8BBAACD0F6C2D8590FB0BFBF89AB975636AF6F88C04B8DA9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\40.plMD5=5F336DCE3319AFEAFC7D90F344128576,SHA256=3486534C332A2FFD41339FDBC391044FDA6B0B01A24257EF23551B520CA9940F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\4.plMD5=2E1FD6AC22C62ACE136C018CF527E9C5,SHA256=7D83485D7B8FD7AAA6E737771C285BF95302A350FB1C4AD6198CD502AE7E67C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3_4.plMD5=5D6B8A947CFB6B64B6CA14814E2FC05B,SHA256=07BBD9EB737F5D176859320C2E2C93070E7CBFBE7F5A33C20C3172350FE46ACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.526{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3_16.plMD5=9DFE78880BA0551CB12C4BA0DCD1831A,SHA256=11CF6B9A748BC6557AA447B613AF2B2BAE012A89D315A2EF25BF0B6AF7F06448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\30000.plMD5=705A7B23AC03383DD553AF9AD9441B01,SHA256=09F5B3441070A46B84D155D2A7070C3BC6071B1050683D44B8B8D5A0FEF3FD52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3000.plMD5=1A28336DA6E878B1D35382766792E0F6,SHA256=373809E62972E1803C8F497B114C7FB83B6E9ABBA251D17259E58297894401B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\300.plMD5=22354AD764B7D486A45833C1F704B71B,SHA256=0318E8DAA4162789AE9AD1F3A322336AD6268A1C5B180304F95046370490FD00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.510{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\30.plMD5=469CE2407DE1831FA0D7847933B37584,SHA256=70404B77104E5128FD22DC73827F3BD3B99EDE9BFA4B2F54C2EB5D56E19E5490,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\24\24FACE5B5CA39CE04CF462ADD690AC401051AF97MD5=5A691A7F6AD7BF736DFA25CF0D0EBD4F,SHA256=7118372FE2583547A911A94FCEC55DA2344335C70FCD7A752277A71EDA9B69CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\3.plMD5=881114E45D74B144CAE9321F38932B04,SHA256=ED433FB682A1F54D076335B3AA272F321079E45D863D0BD060696F62060E61F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\20\20A244C0440ED0B418F454F8A12ED0DE6A8BD6D2MD5=4C03160737FCFE43A3C4700494C37AA3,SHA256=0172389EBCE4361E65A26CBCFE5DC34394C246DB528E0149EEFE5FA54BC726F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\2_3.plMD5=224B98D1DBBB7147E7FF55FE2E054B55,SHA256=96C6F67881AA2F3011BFEA4C2D1481E4A10CDD08C7C93802467BC6BD654F9109,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.488{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\20000.plMD5=7D89A02A11148F4BE0A8C80C20CD9F26,SHA256=906C8C12681C30D1826BCF7F002AD0AE7F3B9F31CB65CDBFB6B9E1815DB00656,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{E01AD230-00F2-4114-DB75-9C788D7FF24E}MD5=6D0E58420DA3F6608C3AB85C17F242C3,SHA256=3257699D305A927937F386BA2C0BF4AF684EA256B60F872771DB91202F2E060F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\2000.plMD5=4BB814C58E9204E14BF0A69CDA365AFD,SHA256=C2E04BA9AA8E13CD473D328BD6A6103E7BF1EC5C611AA0385177E6A8740372A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{DC52B15C-2EC1-5CBD-DD73-0026033674D4}MD5=C06B57E3D22182F44086B0CDDE79507E,SHA256=EB3331CC8C651CB906DB8781B4CFA9E1B1E4616EA003689B1736E05E31F8D58F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{C8B4271B-7753-C4AE-DA75-2DCD3C27A0AB}MD5=5D88DEF616D7FBCF72C30768A03F4FDF,SHA256=D1B0DC9DAAF0751C658FA72BEE234A55A16D893ECC710DDFB742EBD2BA981058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\200.plMD5=663F69E46E77ACB03D7198F445C584CA,SHA256=93D10955335E5DED0606DF8DFCA4F3EC1F52C51B4DCE045B7EDD2D1F6C67461E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{A59C741C-0B17-3F5B-C21F-EE1993E1E19E}MD5=93AE45B3AE2663DBDFE71988A6760779,SHA256=B920957F2A4A53B58BB2B535DC6353361B2AF8205644411DB21447830439B3C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{9CD7968E-5F23-B83B-A3A2-126CF8F3168A}MD5=14E435ECB0B6DFE92B7E1C7D5BDC4467,SHA256=F894515969F882A358B1F3122AB36D135112AC01119E2A5EA786640CB51FB6AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{830143B2-F526-C024-EA03-13DCD07868F4}MD5=425FD4AD38E512C56CD42AB0B11197DF,SHA256=2D660FDBF6ACDF6DB86DC67381056B651CD4EA50D92F4AD226C1C3FDF262DD66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\20.plMD5=6EEA837E0CFD7FE587CB5E842952312D,SHA256=54A1124B7C091A8BE0345A7AA23678B07E3C22C00D92DA6176C3BBEC802BDB69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{790D7354-EF74-7B90-6BD5-12E3B1F9A7EF}MD5=D5E92C3715AE2DFF62F0355BF5864A4B,SHA256=95C0BCAC81B777080EB0F9E6F1EFAC1B6641EE9E1B3260ED4CCBF166141CF509,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.473{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{73788C98-8557-29B6-338F-8559E3DE4D68}MD5=B4466B3245F1E79C435923E7B180E571,SHA256=6EDF05C7632AA456D17FD27F9E6F2451AA4D86182EF4B687D8C93CABF8366075,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\2.plMD5=2219225CB0682074611190A29EC36A96,SHA256=F25CE50E9A1275DD3D256D367C93532BD30317C74DB74F2FCB42585A9590A544,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{5814391C-0379-0644-BCB5-61696E94879C}MD5=4E65FAF03E72E09B37A16D4584F46659,SHA256=6668F207E30330E4CA0FE6ACDE15C8BE8274675B98078218D4730A8167E210DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{4BF2B463-7479-3DAE-72F0-FB54116DE50F}MD5=795339D17F443FE67F946748B235D322,SHA256=A399530FD383441427EE98542BF57AF62DCC8EB884C436B751FEBE4F6EC20A34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_8.plMD5=36133B4C4F17A247BE357719287BBE9E,SHA256=93F5E92006CD536462191EA94225B689E3701D01679ACCA3BF80A8B3A5A4EF64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{4951AB05-CB9A-E18D-0C55-EB74CFE11108}MD5=92D0D9D3AA7F51322B153BBEBF6B6646,SHA256=6A7EE758B14A3D001839BF247411692D159711763D5AA2C076DE657CC10FA973,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{1E841055-9691-E4DA-4634-425E676749FC}MD5=D87AE4862B9B09B0BE35E6C1B4BAFF20,SHA256=A5E438C6E2565DE23429CF29BBC9EBCB50CAAB59ECC67104327515E9FCD78B3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.457{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_6.plMD5=EC9E7B606E00AEA5CF3D2EB78EC7D21D,SHA256=1A31D55B3E656F2CC1848E5866E5890634B74DAACA50D2FD6DEC1F8B84DE6CA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{1C4E74AC-149D-39AE-B74A-B53F4CC32D79}MD5=89ACC76E63829B566EBA0164E6FB5F6B,SHA256=BD2FD026EEBA0D6DEBE33D84A7015D4FF4BB8C61848E16E9BAC6F1B6F469718E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Entries\{063FD797-5F24-091F-2B4E-0269D13D0B70}MD5=2A4338E8DF1B698EA2F246434A626891,SHA256=D9C0AE540FBE575C6ED4D3248B28D003B84E69A92F1BB0AD7144F544C50B0924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_4.plMD5=DA0DCB9026BB538BCC46643DB1F89C95,SHA256=F0B118DFB4EB2C412BC6EBB2D02B224EAF5EE3815ACB122A1AAF73A1BB8CC051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_3.plMD5=FF6C01A96343050AB67DF7FA409C1B5C,SHA256=CB3BAC4B65D09CAB333BB1C81DBEBFC471E9E6037B8DA37773E1FCB971F4203B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.426{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ThirdPartyNotices.txtMD5=CE7313760386B6ABDE405F9B9E6EA51D,SHA256=73E26404B3571A9E859B3A1144F54C353172479586E0A23C3A7DDA0C1C0AE919,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.388{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ProtectionManagement_Uninstall.mofMD5=72D045707D108D55B76CD70AD9A84AD6,SHA256=30A0AD834D7B3F4FB47010B4BB6905576792E83064E9DD858EABF0CCA17FC3DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.388{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_2.plMD5=F93D59ECF70B0A15397EBA4DD906D948,SHA256=01775760878037D9494F505BE8DA08099E33D89BF4A2855AAE123D631420A8A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.388{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ProtectionManagement.mofMD5=FF03FC94B051706C0B57D1C73933CD30,SHA256=93A719D665159851734370530A6224347159F0FA23B8A8F321123481579B28AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.372{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1_16.plMD5=9B2B340E767FC4594355B2125B6E49B5,SHA256=6BFCFBFB5E73DE9A3972C7A23F68777D3686500EFA71AA8318AB1627B2132E97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.372{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\ProtectionManagement.dllMD5=8B0BBA3117F23F81BDD84D68AEC65A92,SHA256=B5758D2C6C3CAB0745F4E9CF8B9D17BEF2CE4481C2A6438149297FFD6DA0514F,IMPHASH=90575EBCAD810516EE591F80A078E79Btruetrue 23542300x800000000000000060685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.372{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\19.plMD5=59293A8795B4D87E73005BEA50F0F49B,SHA256=339432412337C7A9F26C01E2BCCA690EAF6F4563EB7233EF0D8D1B4118BD1D72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.357{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\18.plMD5=632D1E1E7734FFE47915AECA26B95891,SHA256=935AD47054266B7379EF1B810B2C08EA136B78E25C007DFE6C94D9603D8E8DEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\17.plMD5=2D635E0DF71D5B80DE50D8E827C386F8,SHA256=70C57A8D8A041DB5704ADEECAE1420EBFDD97C082F06F39FB1980F603B07E35F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exeMD5=77CD94DA15DE9BB02A3803626C999DF7,SHA256=A11B9F5D4FA4C1271BF06B56D653F0BD7FF2323C08A3654FC233D281DC51D006,IMPHASH=1A1A6C24B2E22725BA69163837D402F2truetrue 23542300x800000000000000060681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\16.plMD5=7C0225D5A42DE1800601700390A168BB,SHA256=0875F2766AF84055D2C9386229CC92BFFD28B51C596C200BE726105E680A98B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.341{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\15.plMD5=A1A95463BC1D36A470A2CE58E488141C,SHA256=8AB2C24704F64F5D7890F37456ABB99161A9E562DBF9787BF53DF389832299C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\14.plMD5=538E020F06F620C6D015D56896D4B6DF,SHA256=D1D6F100049488E43E9ED6D21115E02D45C176BF6D1131C82E7D05E3FC7A621B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\13.plMD5=8B64B0342F3778202745E3C3000EB3C8,SHA256=66D8A690B497E4E315A56EA13E6A8B90EC3FE249AED642D7751F3A76C13240A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\12.plMD5=83DB5F7FB8F5546C5972555380EE5652,SHA256=D37E4CD2432EC07DEAF66770DE398B46CAC9339DDC45A07505B179055C755A64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.325{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\11.plMD5=2DC46C8AE3F7ED2AEB3D2B5066A90B5A,SHA256=68D5E1C5E7AA4822410DD602D0309426EB905AEEFE630741BF1B1E64536C6863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\100000.plMD5=5B57F517B5C569362015653BAD95C6F2,SHA256=EBD8DB05EE4A74F1B3D705E136BE0D9E8456762B7AA2430FFA858CC65910C5F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\10000.plMD5=A4FBDEED6FB7B76832E4C0C5A91614B1,SHA256=4056B98BA42A320674D56FDA7F4EB632A4F684F4998FDE167A6DC9A8B94980A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1000.plMD5=1DB5FC1A416E3E795B048913B2F932DB,SHA256=7B626A22BBF0543BB751C7764A185F75F1BE7C94F8F3DC05DC91C3E7C5ABFF21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\100.plMD5=45186610AECD1888D420D43212A23E05,SHA256=FCD944FE69BFB276917A5D0515545C47CE9D83A2CCED25986394B18054942820,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpLics.dllMD5=B12C86137A1BA742738F7EAB9A1818BA,SHA256=D35ABBC49CE9750FBECEC13FDB8195409B085B4C8085D24BD91E73DF14E8E0ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\10.plMD5=E93BA04AE1B478343576FE2766085687,SHA256=BB240ADFFE5F78C61AF404063B0175486ED8C475F19CA46BCFB5F9FD8F4C953A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.288{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exeMD5=D8A7203FFFA4097D85746A2581B7D884,SHA256=A7C1FE30930D982D69CC263076142EDB451AE896B67EFBCA347B54E064C93BB9,IMPHASH=99C98AC382B2B1D56BA3D07EBC95CDEDtruetrue 23542300x800000000000000060668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.272{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\1.plMD5=206CFE8F08BA7F41AC25674100BFFED3,SHA256=D9464F946C8A3C330BE5DCBBBD8FB74769A49ADD764B6FA00A2CA6B2914DDACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.272{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpUxAgent.dllMD5=47CFF59698E78A319D18B813546BA512,SHA256=8656A963B5511B096CA65E3E9788D8B827751426380E0D93896B86BA05BCC7AA,IMPHASH=32558E4AF479B2A1D13F5DA57D6FD400truetrue 23542300x800000000000000060666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.272{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nv\0.plMD5=8264F6AD447AF5E76697AE212842C2EE,SHA256=87786633FF5E25F0DE2172346196306ACFDD207C695D6BFA3EC97CE64BFBB303,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nt\Nu.plMD5=41F428C2386E861F6249971D845F958B,SHA256=37F535746458181804377CA9D0745CBC598E29F5CC6DF48184ABCBFD9CD9CA45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.257{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nt\None.plMD5=D0C6D600D5F3087FCD3C8BE3ECB646D2,SHA256=3F1F68B13B902BB4EC8D82711718FAFCC64B8E9645781B72DCC4D7C6B0FAE569,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.257{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpUpdate.dllMD5=6D9E4BD858D0FD048EAF8B73159E7304,SHA256=A28883348988BFA82F1505AC6D89ADEF6769B10DAD86042E5E72C15A71E35FE1,IMPHASH=61AE0536E72E995FE5058EEF5884ADA4truetrue 23542300x800000000000000060662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.241{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Nt\Di.plMD5=2279E425A50307C81E76F68E9ECDBB10,SHA256=9EEB7E459166BFCF74A270582A6ABD187DB1F9D32CDBF2B67DEF4B782ED6001E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.225{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpSvc.dllMD5=D038BA7B52FF15E0F7373460049321F2,SHA256=E0404F07E33C24D661FC67830B282C0CA0E64F22474ACA3E986B6D5D9FBCBEA8,IMPHASH=E6A69A0AD2CAB38614D078683A73C876truetrue 23542300x800000000000000060660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.225{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKDQC\Y.plMD5=8FAEB737581D14C7F015A3DBC1A9B697,SHA256=7087A679DEA02E4D3BD26DC496E028AD5B6D3F470C71EAC12365DAD2E32FB444,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.210{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKDQC\N.plMD5=0B1602E47EAF03C7CF261A3F450F49C6,SHA256=300C4535BCE5B68D63379A31FA41CF3CCAE479815E741E82049350F15D5F296B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.188{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKCQC\Y.plMD5=9254A457EFF6114C0D8FA6FE5576E5EE,SHA256=BC0BBB018C99CEDCFE843380DC3E73BD76E260A4D6D3225BF6D7235AB3483820,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFKCQC\N.plMD5=EDB4F40327323DA7D18D951DD8391F7D,SHA256=BE09F0C7B3AFC7BBE257EB49CDAC550F0856694C7EEAE72389958D95F6074A0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFDQC\Y.plMD5=26F7A9443147135B0A0C6DFCD8162D9A,SHA256=871A018FCF9F8E86B2B4BC6E4B2804715B45B8C92477BE8CDAADCB7D9B2A0240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFDQC\N.plMD5=2CB3CB33FBD00D4C9E858EE2F5521D15,SHA256=62128C47437626FFAACBB2A9765209C755200007772763EBBF40A388BE340D6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpSenseComm.dllMD5=C3F2809D797FD605F846D62B15835293,SHA256=C2D6474F9FB7CCB07CABACADB2784AADDE5AA3C438FFBE6BE4126B1AC5F4E4F2,IMPHASH=0C1616327A61C6B75A3A0F7F4F63D53Dtruetrue 23542300x800000000000000060653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.172{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFCQC\Y.plMD5=F4740C5D36D2D53F2CEBA27414FDE4DD,SHA256=3FB239DA173313EAA41648028A8CC5D2D8594EA5C29AF2CFA7C170C7D6C14ECD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.157{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\NFCQC\M.plMD5=CF30AFAE1D47177F54FBDE3F51EF640F,SHA256=5B603D517A761C66C27427999436B3B50C5E53104D5570DAD3932670EA6775B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Math\Y.plMD5=A84C011A3718FE2BD231831A5884DA6A,SHA256=B223F2DE5592C56A62F48ED87BB39FB69FBCA892C40D0477F5DB78445E97B4E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lower\Y.plMD5=4E0F7C8FCD009AB14613468B676D3459,SHA256=82C1915065AC422F7C8AC3F2D456E12EE01C2C6038299EBA7B8EC3CACB19414C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\XX.plMD5=3FD0BF5238D4D556FAB4EE6B237A88A1,SHA256=F7389219862DC0E69AFE745B4AF2DB49EF1C646794413037C7EBD6ADCA8BCA3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.141{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\SA.plMD5=5612E5EA1BFA9ED67D9281088492F900,SHA256=74C34C26EB1F987F0769C99E49FD20276ECFD311B43F6554F209B0BB67859118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\QU.plMD5=6C50DE084B5546FE72D9F479A803155B,SHA256=EFC5DD7A35CEDB8FCF171E67583D72C0F213D5218D13EAA0D72B616DBE0A7F5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.126{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\PR.plMD5=CCEAFD60D7D2EC71417B117E89E5CF2E,SHA256=49A6AAFB5C5B45A05D6308951C7B649DF4583C3E189EDA5A2BE0A8087BA1DAD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\PO.plMD5=0853EB0EEDC59F9407DCC23FF830A68C,SHA256=47A31DC9A28BE28E4BFC5EC982A3310536DF646644793DDDE74439889996C8FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\OP.plMD5=5979D053EE5FC0B965CBC7EF66A618B8,SHA256=32F3BB90D4D0CEAFB1723CBE567F6B6A9477A8C92DB2F32A789FFC6941AF034A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpRtp.dllMD5=25C823829EBE564946BEE8CED618B656,SHA256=85A5C9E06A70F4BBFBE8F72F27ED3460627D85ECF1867DE7CB979FA776883444,IMPHASH=E267B2123A2B15425413A946734E72DEtruetrue 23542300x800000000000000060642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.110{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\NU.plMD5=535363AC2F1D5B0A2757AB6D2A4DD6F0,SHA256=3E304E1B9F378109931D35325F977E504023C5D2B41946C9D69D9F5732FDDB25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\NS.plMD5=411B551EAAD8F35A8608EB6291F5AEE8,SHA256=9E970F5D356FFD345AA03C4CF9C2E501C29A91AE34795BA5F065E6750BA3AEBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\IS.plMD5=693D26CCBDBCAA98BBCFE7927DDF6B29,SHA256=4AA9941C2B33CE50EE22D0DF1A12D42521F4711EA7CFA8ADE1BD25672FFEFCF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpOAV.dllMD5=32D965D3173257DE5E2BD5863EABB843,SHA256=8C07CBDCE785BA67910529F55A9A857877E691559ED07634426BA6EE8278B635,IMPHASH=03EE692DE6217827EFB332DB1F358A4Ctruetrue 23542300x800000000000000060638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\IN.plMD5=D6A5DF06369E3AB235EAE3EC67EDCE6F,SHA256=81BE1DADAF4DF2D94AADB10BF66242C1A9C423AFC8E59CA9C285F5733C52892F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.088{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\ID.plMD5=E49B8AAC1BCD15189224DA2D5C20EE96,SHA256=B2B9CE7F6EEE7D06287DF23F26BD3607F53DEF3BCA4C734E806239BF7FCF15A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\GL.plMD5=14EE6FA92806CC80E4DA0ABBD643DC70,SHA256=106209EBC1A3ED505C358466F690B58405EC0FFD054CC5A7E24F164BF9D5288F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpEvMsg.dllMD5=C82B528CEB56D361F292AE8F907B2C77,SHA256=06DE4F7606D61E202663929441D7D6E60CFB0AE982479BE36C0B5EDEFF98C84A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000060634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\EX.plMD5=80E7EF46A05240A53066BA3461357357,SHA256=DB25D62DEA2A788114C45958CA0AFEDE34CC59DCA8C8255BB6E6D588AFAA7F11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\CM.plMD5=0C372BAB491866A679FB075945F839F5,SHA256=1AFBF8D51D9226EF279B2CB985BCA0771405E87074E533106A5813482683C93F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpDlpCmd.exeMD5=B1B5421261A9F0274434156111C7A0FB,SHA256=940FF74E86479C611D36403801F94576E42CE50C7080F4ECF4EF76D518CA3DA5,IMPHASH=73B146117A6C5C4715CD7F3710845C83truetrue 23542300x800000000000000060631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.072{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\CL.plMD5=41D33BD866DBEEF9C32BF4A77FCACAB1,SHA256=CCD0977B13BD6C5CFCF74709644BA727D56AEC2C58958CB480A195EDD6DB4BE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\CJ.plMD5=011A5C23805587F6CEE1A063DF5D40BC,SHA256=AD9DA444144420D002B17E22412584D7F3244C48B0DB4BAC4F20B98486AB9B38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpDetoursCopyAccelerator.dllMD5=10BB9EF88771ECD9E3756B04D36F4739,SHA256=9FF6B5C36C317FC4F91481315F9216CDBF1006CE7026FB7A3162720B89123DA7,IMPHASH=F50111F80E604507B2C7408826513BE5truetrue 23542300x800000000000000060628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\BB.plMD5=D436D8A2744B078CE06CE93468758D17,SHA256=2AB039D4D775FB1EE5FF3D4E5A9D066C772505F36892626084816B72FE14D7AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpDetours.dllMD5=AAD4064B21497E7336FEC522F183DB6A,SHA256=89D85A3DE418F8627D4FF5771BF7AA7F5E01894C9ACDF87980578B0F4910BA4F,IMPHASH=89C33082A62A5A6375336153F8B37410truetrue 23542300x800000000000000060626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\BA.plMD5=4204149CB3BCF2DB846D911025560568,SHA256=33207A7A11BBC3BFDF19F91217524829FA79BBCB595C4F30FF7F7A596A696E77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCopyAccelerator.exeMD5=A5ADED1FA195C016AAB89CB253C2073B,SHA256=9DAFA14CE9A36C1CC3B1D9910784657C2E8587365BCA59328B2B23D32B5A9DDF,IMPHASH=2E64BE4FE96382B4D9FDBC155B3FC191truetrue 23542300x800000000000000060624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\AL.plMD5=693416A4EA5E73B956736AFB620BB225,SHA256=CFE04E40DBC5367FACD9D8E7148579A418F8D3D911965426896DE9A6A30D956D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.041{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Lb\AI.plMD5=E0A6C921DBB79A0E8F3E4746D62A52ED,SHA256=7A73084E7C7EF8675D0AD26A3E7387097A6DA9D36BDCD590C73622B6DAEDA492,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.041{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCommu.dllMD5=2DAD4ED3FC93427314D0735E63107815,SHA256=A25CA1BEBB54B60A4D5672BDE7BD27A660D83C7E155A8FE6EEA5F02C820B4156,IMPHASH=AD5E342A18927A2111489BCE81EA6EDDtruetrue 23542300x800000000000000060621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.041{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\U.plMD5=C222FBC036B8DBA63942E55EB485CAA0,SHA256=1B7D52C840AE55741420F07B699341DA2085D1DFE3F0E1AE843BA1B6CEAD56F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\T.plMD5=8AF951ACE16EA91043BE2F8D616DE73D,SHA256=885A248C8509907C7FC7FB4831C8CD353E26EF297D55EE9063AECDDC4609283A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exeMD5=3CCE296373EEC3D26440C30976CFA9F0,SHA256=9A8CD75B33515D8E25E8889AA06DC7FE2402F67762E7CF516AA1DCD790EE41EA,IMPHASH=BFE54B9A9FB809E3964F535FD29E3413truetrue 23542300x800000000000000060618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\R.plMD5=21BE8A4BD8C4B71B02AF8AA6047F7D23,SHA256=7B21363291A3171A85D3D556D4B1B05FDCB6D67EE1B0729BD3CBCFC2FA5D9DAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:37.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Jt\L.plMD5=10E7A682E190A4604FFC7B7533E2DFF6,SHA256=94FBA59A80A2F4293946659B1384A911CE41AA8FD019FEA1312698E90088F074,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\4B06CC29-0000-0000-0000-100000000000-0.binMD5=C1F2937225CED1B8A6BDFAC3796C25C1,SHA256=D985F08DA34FE34EA5441CBCA7FD47FD6941FDF2ADC4732B894E15BBC5B0838B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Shrd.plMD5=7330B9EEB1D699E748D972B2C754D4C1,SHA256=671056B7D9354FB1F0C1956211BE853D93FBCD459BA892F670C040D93C0F67F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Rohg.plMD5=5750D976C60E262453153152216815A8,SHA256=6A362C8D18F7F7DD348EAD043BAE4B6C86EAE1A003DB52567DB0BFD8667FBBCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\48CC2F57-0000-0000-0000-100000000000-0.binMD5=723D76EC79D0E771FBE24FF9C746A857,SHA256=4DE737A13904133AE5AF425B545B6D315BEA4BDB148D62BE98AEE1EB331E5FF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Phlp.plMD5=44D7B371633B71CAE0EE116C405CB943,SHA256=8292D07FFF755A2981F2106E2E4A9B37A7CD3B69BBAF5D5B7CB2CCC1F1911467,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Orya.plMD5=781BFA15BD9F81566260CC577F70FDBC,SHA256=3BF2B0E63F21268A45A1A9638025D3535060BFB426C3D86A01A53714387A7B39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Nand.plMD5=016050BE3A3149DA2A155652EE2D2082,SHA256=C3425292C7B568FF96CEEFA283CF76D338E74DAD834071A7E0DA29B05C63D8C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\41103BDC-0000-0000-0000-100000000000-0.binMD5=161E959688CC117F8E2EABD1596409D9,SHA256=E4F025929C4A721F9F621F483A6553DCDDFAD0F7761ABC4049047D810A5B5B95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.965{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mymr.plMD5=39EC642FB4940921EC68F3B8CF28B1B4,SHA256=011A3928E8C4A7FFE605672536FFDD27E5FEDACD1A81B3678EFB36040E00F5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mult.plMD5=CF37CE4AB26B900BE5B768CB88AB8616,SHA256=AD6841AE5196DDF2D31766A118E4B9F71696F4CE1151126BC57EB5D76F16A17B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\3CB6EFBD-0000-0000-0000-100000000000-0.binMD5=1D4C805C11D5D62F316FAC2B5CED1006,SHA256=5EB6C2B8A1C365FBADE4B17062E5559B797661CD844ED50E683A3D161C57310E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mong.plMD5=06664287EA2678E9E59615173D0C8C68,SHA256=C697169957BB52526A00C97F5572A795F0A8A74DA534F900C371439185A2EB45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Mlym.plMD5=4B54BF3DE2420CE4353EAF026DB528C5,SHA256=B2E87333102FFD186EBA3E18520760F2D3283E917E608962E28CCAD18C84E8F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\39DFE5EA-0000-0000-0000-100000000000-0.binMD5=599971CBA9CC60813683275AE755523D,SHA256=BFFD1353BD8CADE8F3515806163D9989ECF60E12C8D9493E64D5A21B1CEA8022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Linb.plMD5=6FB18E4ACB2730883EA277E6A6DFD1E5,SHA256=597A6E54F5F65DFCBEF1596DEDA1A7F5D03522C3BE031B2F0454FE64378A7C10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.528{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\3056F574-0000-0000-0000-100000000000-0.binMD5=282EC945EEBFC6909DE2E4BF7802E2E4,SHA256=E113891375034ECE263D55509BEF6B8831B4DAA4A3A711D123E80C2E4853F44F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.528{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Lina.plMD5=DACA571F788A2C7723CD796706ECCA88,SHA256=E041ADC51FA3F69523436DA47678377FDDD2B7DADEF421C1F90B219E64383356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.513{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\2F5B0B75-0000-0000-0000-100000000000-0.binMD5=FE7A9642082ABF3A5AF28C81663B5BE8,SHA256=CD352F67358609649546BF7259880FD48B7D52195E2AE52B626015C86980028A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Limb.plMD5=A0AC6CE8B68AC6058A2CE34A7BEA15D9,SHA256=288B856FA5537A6EFA185B74FA1F106BB20D6FE72E3CF07B7E1BC9A374F22F1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.513{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Latn.plMD5=1C65056C72AD87CD7F2DB77C47B9E89A,SHA256=DBD6BC100766F13A4FCC306EF97E07140A0494DC68E85677F0E70F94CABF0BE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.510{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\28ECA76B-0000-0000-0000-100000000000-0.binMD5=92BC1A04A7DB0722386872FA3565CCC1,SHA256=82DB5C0EC2B60B51ECD716CBAFFDA5EF60F21F51C9BE707570E3BCCEF7F7E043,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.509{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Lao.plMD5=D135F9A92A0C05ED372A4639FFD194D8,SHA256=F5198C93DB957E521E963503A57280A58E82755B9D68A5F0CBD0225913CCFFF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.491{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Lana.plMD5=D0CAEA9535CA8B8A854F1A16F93D3AC8,SHA256=B67687AD16EE49DE4DAA8E164C33850735033549EF0793A6BA6E03D59B54CE0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.491{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Kthi.plMD5=3AB26343EE3AD393F3DDF14263EAA42A,SHA256=F8AE3A30BDB174AC4419A9D9C82F2EF288494E612AE2523C714C2D19158CE166,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.491{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\20F281CA-0000-0000-0000-100000000000-0.binMD5=450EFE1902D2D02CAC7713543634714E,SHA256=9E02E84882B9E6E516B028CAC2CD86C169B24ED91B490022AD959B0D58DBF92B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Knda.plMD5=A0E766F10E3D0F3D22A71E9082AFC34C,SHA256=BBC67CDC16C4B73831C6F040FC5137DD765DA0DF696878D163599DCBAAC5AD63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\1E505DD4-0000-0000-0000-100000000000-0.binMD5=6AC78D081537195085D3541D0418D0A2,SHA256=69C2CC06CDC04B85B6570E14545C64F2BCFB35F8C8633C4BEB873E978B811A21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Khoj.plMD5=DB6B6A61895E35E707D1C258085FAEB8,SHA256=BF1D062C77B793C8144C62433AE3C3709E67AC90A3AFA738E3ECAFE3C2C40C06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.475{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Khmr.plMD5=577725AA91F761450B34EFE299F76509,SHA256=E41057926F3917F9EB86A4A29E60F11476EB642A7269D652FBA9DA4D5B544FC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.460{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\1ABDD9B3-0000-0000-0000-100000000000-0.binMD5=8CC1D37BAA452800BC42F4988012C9D6,SHA256=684D033C9540AB535D2BC28861006362BD98297DC68892BB7736C1B228D59684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.460{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Khar.plMD5=8B9BA86A2221750AB9EB5B42B38BA5B2,SHA256=66488D5ADEB0763895BF6495DA0CEBDDFE9F4A4EE483B39D7B541F61597FFC06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Kana.plMD5=88085882A5E0551C08AC63DAE0FA7874,SHA256=200FF9134C8457F833DDD0C89E0C27E179E4E9CAB44D48A8A08A3BC301B7C684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hmnp.plMD5=A750FB521949ED781E43C82E56BAC182,SHA256=EA593597BA626827C9ED311FF17E245B537CEB1BEDA315665E027A26BE7F52A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.444{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hmng.plMD5=A8A4F2F4E9D92A9E5FE3C7D2C40143E0,SHA256=24D714B14EC1D39084E3313A81A1E81684C325C4A1BB9BBB7BD1CDA606A1EAA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hira.plMD5=104B0FB89564CAD667BEE75E809B5D4F,SHA256=E0E01F82349ACD78449E908D274CF131DA69ED5B96D80A200C3122418C2D4468,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hebr.plMD5=96E37F4DBE5F61F35E9BF89488B349B5,SHA256=4BB895D4FF3687F1CE69144C86405AEC2BA1B8A94C06B74F493BC5FB8D3C307A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\18AADCEA-0000-0000-0000-100000000000-0.binMD5=3A89A0BD18E5062B20B1F5188B191501,SHA256=70103A46383F67DEE391F9407CF7FCEDC67AE6C83C4AA11315367EC5563AA2F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.428{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Hang.plMD5=BBB07413D00757849CF7CEC9FE70CDAD,SHA256=E2310B66D9DA032693FF05835CC1D35EBEC5A953BD106030B0CE77CDA467C322,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\12B34F14-0000-0000-0000-100000000000-0.binMD5=FB6AF23B50D8668EEEA51F7BFF19717C,SHA256=AD92BAB3B28D0B3C99649F9EFAE15636B91E745DF2E37283AE8FE29936546727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Han.plMD5=823C9736ACDE8C2B2B8ADA16E19F2241,SHA256=133A7E4AF4B1D202796F9E6595C0AC7BC3BBCE698EDDBEB3386FB89B1269634F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Guru.plMD5=83A5E63CF764C40CCC32B86B5FF13AFA,SHA256=E0191735C76D333C34718134E64AD6950F218CCD89457A0300DEEE2C38E7AB87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gujr.plMD5=E49B077764DD74799BF2249E779D525B,SHA256=EFD43661533BBABF16CD5618A34247CE94302220D42EF0B09F5D0B91F073ACCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.411{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Grek.plMD5=B2B16BE8193E8A54B92154629B718950,SHA256=853B2FF385D3BDFDBF5C6B5583965B854DFDD00D95FB0294E168FF51A040C6B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gran.plMD5=291441ADE553F64732CD0B781B8B584C,SHA256=FD662E9B3456F674B56F56925EDF66626E7F55A1507054F99C1F30B300B7C627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\10C99B01-0000-0000-0000-100000000000-0.binMD5=FFE592AF3F2C00FE33FEEED7E329B540,SHA256=19BCDAF282E0B2FF371AF0A8ECF6B0F15B88DE54663831BA21E2D24B7B91EAAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gonm.plMD5=229EEB5B35910D7591FFDE794933872C,SHA256=E1B6DFD98025A86E795E6E2F85BB38EB66BA19EDC37756CA0564FFDB9A8F227C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Gong.plMD5=557EC85391ABFB580A4129EA34732111,SHA256=D29910670A32F0C355976B2DD0EE8F9060198AAC056BE0B1A6A17EF7DE0D530A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.390{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\0ED77DA6-0000-0000-0000-100000000000-0.binMD5=031D12379438525E4DB69197C2B1418E,SHA256=CF298A1CD74A138A61D04347424F399FFAD0CFE44E33AA4BFEADBA8FD66D43E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Glag.plMD5=A5E1AD215A99F8FC746E55A258215C8F,SHA256=86EE3A0ABB0AA030D955467369D2CC295CD0EE43BB0F714B32FC54038D017713,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.375{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Geor.plMD5=E9850F85B821B9A11A1FBB32B42D6B57,SHA256=2E23B50987AF747863F57EAB7F90E67B4A570D1B5B83D350F8ED4400EBCF09D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Ethi.plMD5=3843F21DEFA472EFBC05FD8E2DE7AD20,SHA256=4B758BB0D3B89C9EBDCADD62B0EFAC3A5DB00C43140D60A03CE85D5FEC386927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Dupl.plMD5=081B320DF1CCDFDB0C8620FE63864023,SHA256=E9488E9C8D38AC7BCCBD9F85EA1101EACD3E2B82F766FA71F5F99191A5144C6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.359{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Diak.plMD5=9FFE099D4ABDB8B5755EF5A3740C9DA7,SHA256=90ACAD943289605CD7439E0F6A97BC23E10304886F9EAD7A24F686FBFB3393C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.343{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\0C308890-0000-0000-0000-100000000000-0.binMD5=17476C3420D4211975B9D8EB96BE2A1C,SHA256=78B3E2BB2258291BE6C828C634B98BEC0F6FAB3CFFF6EC2257FC2BA0369573F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.343{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Deva.plMD5=C2B594F39957075E7E56396DCA714592,SHA256=0F683843AC0EDCA511837CBA6AD0EB003EFA4B210E64234CAC3A8FF8ED6AB336,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.343{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cyrl.plMD5=882451BD084664D1E12F6EF2B54052FC,SHA256=FB1995CD7BF4F810A03C1EE913874D70924701A17D94E312AEFF91652F3A001F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.328{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\0B0FA0BA-0000-0000-0000-100000000000-0.binMD5=8B6DC308D2921DCB5A9E7ABCEB99F4BD,SHA256=3F8D02754ABC33C538F22A8758F95E35AC0EAA154C0B90A99D3636DC0F027050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.328{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cprt.plMD5=B2FB083E144CA889CDA962B319F707E4,SHA256=267E2ED1DE66B531EC13587E39BD9C0FDE2BDED7F17F1052865C40EBB4B947B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.328{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Copt.plMD5=E8C7505648992E828BFBE022C4B59107,SHA256=11AEB68FEF714D033A5322E9D2A7E2C9F565F047BA1266C8D8B0F27C50947018,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.312{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cham.plMD5=FC3B187E20B527A4CC4B45B4765772C9,SHA256=48C3F072C167EDC52FD972480CBE7E10A0FB9348348E80F241B2FAF7A51CC2E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.312{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\08A9A161-0000-0000-0000-100000000000-0.binMD5=B632E7A40E029E22ADBB5948A02073DE,SHA256=AE870B4EC58B491273D26A0DAF2EAD36F1388E8A1A068C256509F2053B0455BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.310{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Cakm.plMD5=6F10E38975AE07CAA6E57E42DA5CC63B,SHA256=1C2D15CB076F45619BD0C8363D6D503758F457889E061D96AD48B8AEECF3C604,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.306{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\05A2C67C-0000-0000-0000-100000000000-0.binMD5=52D81ED854D8539263A463933AA9238A,SHA256=B783770BCE621CFDA1F22F1C59D53B33A543785DC09601757A6F3D3E2E6CB9EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.305{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Bopo.plMD5=701A2A9F9A86B0C9DB5277E590F9F3BD,SHA256=37AF7F10E97CE1F5DFEA2BF036ABA3D639685680BB89B99949B1C3F7C899D022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Bhks.plMD5=92839EED3301EE6F1F7701843CFBD69E,SHA256=8753CE464E2C9AC3D6CC37610EB2829C1EFD5405A0E0424E6BD2A29165AC3004,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.290{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Beng.plMD5=0FAC7E8DD7654337301A2F24DE40C24D,SHA256=94297B2C381065B79736493FFDC84F8C4FDF89AA66BF85C7A38AB8CDECC45627,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.274{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Armn.plMD5=FEBE57A423CF41DF277335DC20BDF768,SHA256=A4A90A6FE3FC80BA92927AE109B3E24388CD67925D45D4F245792A2164AC7B8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.259{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Arab.plMD5=EFD4D35E0242548820B6E90ACAB51E7E,SHA256=AC6A96D8B0883631C451B9EEC189866F7AAFB3F297760844CE9587286F34D359,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.259{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Adlm.plMD5=848385F76ED7011F2992FE092F9BF56E,SHA256=197345E489C188C23B283652C9E921AAD9C877B95DCA6387BB3687114B419423,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.259{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Zyyy.plMD5=B76D478A695226111D9FBC706C53BD5F,SHA256=8552A6A1CBA3C7EC87A427DEAF967DA40BF8B27682D19B0F155F2327525EA940,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Zinh.plMD5=88BA3EE60FB3E7457CC4D5146632D19C,SHA256=2EBB8E035AB5ABEE6BF349D303EE9BB3FA5FFA6DA8946C3E109BEDA7463AAF06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.243{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Telu.plMD5=57E33D8D88C459A1D476BE8E064D1412,SHA256=537C73F8019DB9C6F877AEA4AFCAA67F5C2D01C7983BF4C6662920C73C3F82F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.227{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Taml.plMD5=116F14D83615B6813AA3A9F9D65681E7,SHA256=5C166AF0F2CC2CDBB5993F09BA9752734CD80C4654186EEE462DDB2C40B48BE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.227{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Syrc.plMD5=FAEC9B8F4EA81F9658A0AB14B310BFCB,SHA256=5225DAE155EEBEFD51C9FCFF6763EFC0BDF5ED271BC4A7CEF6FB11EF6FE969C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Sinh.plMD5=C1FC07ACA2A56163DBF4CCA7E7665D46,SHA256=E193AAAC2786274B229D0854837EEAD0D7A7168F3700EF465001BC45FC5E6907,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.212{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Orya.plMD5=A3CABC8B52E171964F3E36A9B0C2594B,SHA256=7319B030FFD8D2DBA604CCA237D12F9BB368BCF182EF1C3030920C9FE03A20D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.209{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Mult.plMD5=6F778C87D7F2D04BEE97B05F33C50710,SHA256=C9DBFD081C8B01FCED89722E8E83A7EBC1DAFEE8B745378536F034FB66A52EEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Mong.plMD5=CEBEF659E7CE81E305C7282B617068F0,SHA256=2C7F813619AD0C6C5C6567B9CE2F20636CB89C41CED846CC5610550212915650,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.190{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Mlym.plMD5=FE5E260E46EA28101BE9402A9C1480A8,SHA256=1AEF696CCACF4F621FF8904473B36AFDC47EFA2E76440953D71606F9B56D02FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Linb.plMD5=ECB5402356F0292E72B14E867EE03BAB,SHA256=0EB418B09B52341734789338CE5D4E35C25DC150EB6E909BECFAB0CA895B44C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\F1\F1B962CF2939030C15C91226D97B9EEB9649A04AMD5=CCE5005C2410A3E11E8FDBA5D42A5D24,SHA256=C3E02C76B3B0484AE3FFB71E45D79F0F5ED3837D44CA4999DDD1D5468DF09358,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Limb.plMD5=7D9D8CDC1E3E6B5112A361C74654E15C,SHA256=DCB8FC2FF837F514BF43EFE5AC686EF6AAF9726752D25328B72727714EF71CC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\CA\CAC50F6B11D80BE2A0467166E0BA108D07410860MD5=730D5AB503DE35709DE99D7914D1429B,SHA256=2BB256392B538C1365BCA5CAF32E93D4875CCE975B761399EB4E4F98228D6856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\C9\C9C133660468FD1D9905F598F5052DBB01F42EEAMD5=0BFB64C70DFBE45EC596985D0F283E07,SHA256=86EFCED762A03840D63AEC7D9AD2DB12926719A722E1D9A91C74D37FD0C43B10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\C7\C70AD53E38BCEC126D90CC89968CE3D4FC05100AMD5=E4A77B50DEA7BBA3710C67CD5D3298E9,SHA256=4C2E11B627AA35B13D91E4B60FE4CAF0FAFFBD933F13DC0E9BBF42CE1974CC50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Latn.plMD5=17B886311A87D7622B85B1904CF6894A,SHA256=3F55301ABF2AFF350C962FB3FF0BB7F76097E10BCFA46E21F1F6D97EAB0DD034,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\BE\BECD026FFBAA428FA50056A7BA0A990F009175A1MD5=9F4C197E74390A750461FEFC369E6AD0,SHA256=573D69DEC7277A300247A5986E4C5E86277C550180FBAA77D41F72E78F66E92A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\AC\ACB1D7CE5E021B164F4FECF38080A056B91F8A25MD5=208DE6EFB2C8E905577DFBB0F7435D10,SHA256=824A954C45FA623747EC78DD66422B904FE8B180A18C37FBE07281157A2DC02D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\A4\A4BF3C62D5997AACD71E8754DB2F62B6443C58CAMD5=4D53CF31842ED30320686865DD70577B,SHA256=851B4A2501E587CDDCB4B4ECBE289FA6A270CE82CEEBAC6AFAFF3CE83890E0DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.175{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Knda.plMD5=A0DFCBBC8C1F0612D9F8CFB9F725EF7B,SHA256=4D2B21A85D58D39AD66922FA32ED739B8F001F1760A9DA47BCBC4F2D3EE3CDDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\9B\9B38C71E6E2B3B27351A904AC029F2834E0D25BEMD5=B1E3A09CD3D8E3D561382B94B6CF0F11,SHA256=E9823092435C8A3F676A81EE273CE132655D0B14C8F9D6C89C8B7E4B98840E24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\7D\7DF74B418160C15C90B31407CC76BFD757FFBE59MD5=B10F0C3AA065190C66538FD2E3D0903D,SHA256=84720CCBA1EE6DE78E8B6F2402EEFF47C1DD62EDBE0A844C344444468E9278EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Kana.plMD5=3B3940B78622E1195EBAD506AFB33A0A,SHA256=5AF56AAF223EC717126FD9DBDFA8578FF2623973795C70677D0490F5053EBDB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\6A\6A9287E3C515614D3797D35528011E0754C1EAB5MD5=377661AC5332EB10990B16C0A69B9365,SHA256=D3290FD60DBF75E35F9990535B116576B63C8A1723C44A5BF566F621EA67E979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\56\563338B189DE230AEDF51B69E6D1601FBA40292DMD5=33CF85BB9F127BC00977D08F56E7B114,SHA256=EF27396E3529C199D6836B820B6476F0D72233B2302471099BC80B38231ADA1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\52\52FBD0186882E6605124DFB4758D4E3508EEAFF8MD5=536E9DAECF442DE643AEDE99917C4423,SHA256=FB112358F53D6D40C301C83D7A64F90F2F67DB38294B7575ABFFBD28332E75C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Hira.plMD5=CD4D190312FB7C65286805C4C760F59C,SHA256=565D05C9C153DD6AFCE70F0E16669E1EF8CACA055A82EB20F77367367AAC8FBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.159{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\51\51C8A99C2ED44DE841C49BE026604ED72AA95822MD5=D4CA183D804602EDCFCBD72C46CE01A7,SHA256=5D74C9BBFEEDFE8A22D66C3E65DCE38AA819EE3A89F8CB9688A30F0F559A84CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Hang.plMD5=11052C82030197FDC3076BDEE68DD5BB,SHA256=EB95A4F50CFEDA02E79F699DA7586795B5CEA895BC548EA809A0E98F65514CD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\39\39A7038115AD1E578B15DD9FCB7772C1A83A898EMD5=CD581A93E42EB5D5C8F44CD2CCD33B47,SHA256=023A563C8C88BEEB4C6CECA3F2440FBF105AEA77F2649473F2F0749B8D752FB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\24\24FACE5B5CA39CE04CF462ADD690AC401051AF97MD5=9B2891268BACEAC52602819A4C31DEF2,SHA256=297AE80C6A1B2259A880B59C457EA994B916DF937F047027B4804F68C1DE4BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Han.plMD5=DB4231A490A9F2989885E1CB3029FC31,SHA256=7345E59ECFC94811C21DA693AD515B932BF35EF9B8AFC4D4E5C794FC6DCFE2A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\Resources\20\20A244C0440ED0B418F454F8A12ED0DE6A8BD6D2MD5=821F9303E3FE9F77F1D1A9C63458EA83,SHA256=4A976636EA6B4E42020A1FC707688E18B7A52B5EE3BCBAE3549E1413CF0EB46B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.143{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Guru.plMD5=3C86D5E6524297C2AEC41EDF0D3862AD,SHA256=668C5483F5A35A423FEDDB35F191905951005C2B812BBEB1F5CB608F244CAF79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.128{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\F1\F1B962CF2939030C15C91226D97B9EEB9649A04AMD5=47F08CAAAFF61CC97656D343CF54F184,SHA256=069B47A0AC2458E7A3E65A9782FD82D35CCF9462B7D731BC09F6B90DE30C2897,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.128{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gujr.plMD5=EA10F0E6FC9C124E65984A908390FEB2,SHA256=009BE32FE8436DB725A7C84773A3FBE5725BF173E81FF78A58C4B717488777EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\CA\CAC50F6B11D80BE2A0467166E0BA108D07410860MD5=D0227BDC57A6C65965038A8BA8FD26CD,SHA256=059F7AE5C295C0963DB2F53C7D0A33C3CA119E9A66A5EA675B127179D83FE4F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Grek.plMD5=B841F5A5EC97CBD838CA18DF55FA3592,SHA256=672D583B8A038B9ABA2D20A9CFBB0138112473CF835D3BBA616D56F11E3C0E79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gran.plMD5=53C964CBA20069709CDB228E816C8C1A,SHA256=E84FF29FAF9E5C84DB70C6EDFFA8AADC07486B8A2769982F490A416B284182A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.112{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\C9\C9C133660468FD1D9905F598F5052DBB01F42EEAMD5=E7CEAD95A779F0A7EE499163C058D9FF,SHA256=14BDAE43B5969FC6053316B1A28F96040F2E4C67A0B41BFC8EE5524271E61061,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.106{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gonm.plMD5=49B7B820EDE8483266B8842839B2A2C7,SHA256=899DB77C2CA6EEBF03F29A3CAF0CC4041526D12AE73EB6BDFC36EF53D350F79C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.090{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\C7\C70AD53E38BCEC126D90CC89968CE3D4FC05100AMD5=9146E32CEA706BA69566E9B1B12DE795,SHA256=5C99B827C9B5E887AEDD3FB9209971B6791CC3287F662FF2B8EAA87799F7A3C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Gong.plMD5=385566579EEC65FE7D5AC5753C565F4C,SHA256=494880574D3713D857FC51D46671FDF9641A53AF0948A222ED37ECE9494FA8AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.090{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Glag.plMD5=AAED2196C0186FE844520106BE4A1367,SHA256=56FE75B48D25F93DD590E2776B2C95E6608958C001559991ABC8DAC60847C63D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Geor.plMD5=AD457BADB11CD51CA1D8546404A4A17C,SHA256=7754A7ACACC50A7ECC32EF6FCB5BC59818A9121397A02454A90E4F26AC33BCC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Dupl.plMD5=B17A4F7147BD836BF1EE42D3683439D6,SHA256=EBE0A1501D4B2286F7EE55FE482C1093C4FFA047AFD28AFA4BA28548F567AFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Deva.plMD5=4075905CAE02E7EFCA56932722DB19C4,SHA256=6EA55933F141C29FE73293D7B3B58833DAFFA3563CCE78363B0B01F515CFE324,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.073{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Cyrl.plMD5=C8FAFF436B3DA6DA450F835B1F035B0A,SHA256=21056156521DF855D28D9425CE2232B1B5907FE523AAA2D2CA023AD362E422F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Cprt.plMD5=A10BDA3DB3826A2C54BC8604CE034D39,SHA256=46CF88656123F06680BA0D84F18079D579EFCC60FE94AF95A85BE647FEF20EE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.057{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Beng.plMD5=96B6E20CBE7B51C7B2D3DC866F47F182,SHA256=FB48236413CF0317E6A7C236040943EF5D667FF4179CEA45C8C54F1D165D91EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Sc\Arab.plMD5=B440837E71E10C78F64474466282A3BA,SHA256=4F1A42DDDCB7202C8414421AA9BC0C154EF12D45523013E21C850C7AFD76BA2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.042{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\XX.plMD5=9B3544BF071157BD8153934B6CEE399E,SHA256=00558C4DBC790E083ECD370AB69CBEEA3A33976D17A2F57CFC59D9B9FE754AC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\UP.plMD5=B56639A7AAE56E4090D1480F83FF5E71,SHA256=0CD8D5714D72E166B710A367F7ACAA4FFBFAB6922C8B9A608BA3F557CA2209B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\ST.plMD5=3645EA6656E8A19E7E383F3F4DD96102,SHA256=01565E268DF046483817536686201D895E809F5075047ACD8212FFFCE8E08974,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\Sp.plMD5=69341A9F0B1AB5E78F4B6B5848C4F987,SHA256=31436F6765D28CFC412CEA024C516B01E9E09E50C857FC5386CE328F19FE9210,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\BE\BECD026FFBAA428FA50056A7BA0A990F009175A1MD5=5886AC9AD32545FBA00411FDF7838958,SHA256=F9293A366BF52F4E1FDAA5A67895CED7AF2E569525EC1E230022EB0DE671017C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.026{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\SC.plMD5=3E562FAF6835B7DB9CD4943190B81A5B,SHA256=D23C26C6DB6F84A9D8A52717C441D0476A8144A75B1A40D0ED0E960A5FE8BFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.010{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\NU.plMD5=F0094A13B14E87F1B2EB81B0FAF153D9,SHA256=82C2E96AFC7E03198E4A7C342E80381131C73BE4B70DC46DAC9DF2D0B8996058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.006{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\CleanStore\ResourceData\AC\ACB1D7CE5E021B164F4FECF38080A056B91F8A25MD5=A174E15DD8EBAFA822DDC85C127C3AD4,SHA256=04C7C5A1EEA9D082DF31FC992FAAFA61326B5C683B6A7E8846FCD415004B1F5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.004{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SB\LO.plMD5=74A34A7659DA6DBE0E2F62BBD1703E1D,SHA256=47DE58153BD5DF0449AE5F881E313641B60421B7BD9DBE2CDED7AD292364176A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000031811Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:38.019{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48B02F9DCEA30158BC8E30B8CFF45E76,SHA256=D376774D73703E30E6C326738E2F8284B89D9C358582826219F80DE4980B48BB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_01.TXT2022-01-20 07:58:55.381 23542300x800000000000000061331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\usr_01.txtMD5=E72F32E8CE1981E0B598B1DDB016BAC7,SHA256=4B6469C8BBE107D4302C799E6FF0CABC6606CB50D5FEDEC503916C1A1CF0D8A2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\undo.TXT2022-01-20 07:58:55.381 23542300x800000000000000061329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.995{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\undo.txtMD5=CD5B4708E08C7F34E96DF4FDA1D24285,SHA256=9EA747C33B849328D69A59A0CA85C4FE5AABFD33FF5F6E2CB114AFAC4F9C6E06,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\uganda.TXT2022-01-20 07:58:55.381 23542300x800000000000000061327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\uganda.txtMD5=A8D87EAAEB761BFA9B33CD57564E871F,SHA256=DB793C305D2AEF8A16F0F475727FDD179DEFF051ED823F8B8DCB859F3B52AD12,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\todo.TXT2022-01-20 07:58:55.350 23542300x800000000000000061325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.979{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\todo.txtMD5=09F94CF8DCF23FE49620A4A708BE2C72,SHA256=07F07907B59589A2F25CB1562F91DD6A6FC97488CCDFF451B9EECB3DCE935B20,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tips.TXT2022-01-20 07:58:55.350 23542300x800000000000000061323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tips.txtMD5=5E788B4F9343A00EADBD9AA70B099BE4,SHA256=6921D9771FE1D65A355CD7BB8F0FA2E09BC547636BBB8D91A2779F33C7A48228,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\textprop.TXT2022-01-20 07:58:55.350 23542300x800000000000000061321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\textprop.txtMD5=E01A46FB2BAB4C23CAE521241BC19ACB,SHA256=A63A561746D51D4CF26F6CAA23FB78904EDEA2C5E2C9B5F1C1BBF66D10C80B72,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\testing.TXT2022-01-20 07:58:55.350 23542300x800000000000000061319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\testing.txtMD5=DA0736FBCBA3795BA7399993F4D9EB36,SHA256=3CA7393A667958D6446AB2A247E47D43115F113153E18A4C3B0257C79F141F24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{3921BEC2-6984-476A-AF26-1392A85F75D9}MD5=5EE582E54A0A4057FAC10366A4C2F0B5,SHA256=B42FF6E77CB3A3793437F21CF3791FD020B0E70E1F76B23DD28572017546549D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{1FC74DDD-5B06-4988-8001-06A18E55FBEB}MD5=09A5C580FECE5D6FEDF549BC68DF837A,SHA256=D4076B63DE80AA2584A3F9934FE67B0FA5F5EBCB9ED2DE3AB38707A5C372DBDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Quick\{00DAF446-FFBB-41E6-B3DD-E8D5E3501FD3}MD5=2FA2A190B575699D4D1517E81961587D,SHA256=254B5F8DF675363C74D4AE0F4BA1BA60C845321001D4BCE80F1B3C729CF326C5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\terminal.TXT2022-01-20 07:58:55.350 23542300x800000000000000061314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\terminal.txtMD5=10CAC9E20C949144E08BA821285A352A,SHA256=A2BE4710C269ABCC356BA4142C30282EEC58BAA22D11191432F9B1F1AC5CE5F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\0MD5=2EBE5612C8CFD24E012D8B806A1C0931,SHA256=BD978BBDA7EA78A7A20B423B590106520A66EFBB8A8C8A429FE804454455C4D6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\term.TXT2022-01-20 07:58:55.350 23542300x800000000000000061311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\term.txtMD5=959F98E9B08B7316D1696732153AAF9D,SHA256=698ADBB11613AFA90A417139B044B892B669BD8F6A21416EE117F19457453706,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tagsrch.TXT2022-01-20 07:58:55.350 23542300x800000000000000061309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tagsrch.txtMD5=E38739B043664E84B4C8D7D50771B06D,SHA256=1E9B4D7AEC7353793A8F57214A4D54DA1C5D4F1897302AC3A5BDB6E5153905C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\302MD5=90F573623909E39E48BD63FC72CAF669,SHA256=AEC35ABC5E7EFC2F6EB3343F50DFD40F35CE5AF98BF76A81D998F035961AAF59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\109006MD5=BC10672245CA9A2F297E6FAB16FC62B2,SHA256=D2B8F5062C8431FD5DBE1753F3103988EDE5497CB7C0CDE6FE60AC247C0EFBA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\109003MD5=118873FADB3A029F44F52298201D1F8C,SHA256=A8EED11DD73F3C1363CD18875CDE2F2F8D9BF0F4CD65F8FC057C05E33941E6DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\100018MD5=61CE26554E9320B4A651D7CDF7740888,SHA256=A033508F1EC35E3DF0860E4199984B6AF832CD8028AD086FB3FF638732388C62,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tabpage.TXT2022-01-20 07:58:55.334 23542300x800000000000000061303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\tabpage.txtMD5=7502868695A265AA86CC3294482606E8,SHA256=3C4AA049C123C15927FC0D326051958787999BB12E85FA6D711EAF44903C30A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.948{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\344MD5=07B79F845A85BECC430568BD90A162DB,SHA256=3B962290993FE9647F1E0F9B8F88D71ADE23AC63170548FAFE289876D7EB275A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\100017MD5=672AB2F8A70BE01454A94BAF672AAA00,SHA256=470CA8D591CF59B7C8322A34107DAE9F6CFA55E2356542954149E078BB0EFE4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\100002MD5=ED2A469E5735352F75B3A541E74C32DB,SHA256=75B66F69DBD55DE68D2EBC90E021907A816116126557F5963DB101E6DA733F53,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\syntax.TXT2022-01-20 07:58:55.319 23542300x800000000000000061298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\syntax.txtMD5=63A405F3A570B0402502CB69389641EF,SHA256=E243572F2DC4FD54843B30A37A653CB2F4A33E2E6ED5DB229D1DA97756A2B0DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\20\346MD5=F5E527AA2DE972296D29C71997925F2A,SHA256=84A1C46CA8E9A7218E7818D2D82BD4988C465580416F13CEF0813442CC4C3DEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328MD5=1D38BEC53FA65F59BABAA71B28ADBA1A,SHA256=91D5480931744D4492F591547E28C6827B59B70D08532880933A6A0164A17019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\15038MD5=F669E0ACE06BC66A998B1D0DB7A329BA,SHA256=216A5C4D5D5DE0CEE76F2EC7329BF8E4F4D11362C15406175AAD4B61C0B9B25F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\12284MD5=B4C82B94E721FF8CFCDCDCA7C8CACA25,SHA256=EECED287EC165D01280790CF16C657412C6758D323E1FD799199F209DD3B26BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\109002MD5=32E8597C4F5E548E2B6A4A63F93E7051,SHA256=9878E68329E6CB5662D964EDD4ADCD6BDFA8DBF0D1079FBF6E4E9032254C77DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002MD5=D5848F2D0AAFC7E321D617686F80978F,SHA256=F42E30B8A4CDE9468E0653F3D9FFD289B2F962B5381EBFFA420932377ECB182A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001MD5=D41F8E7B0B984E4B40193B9BD3D8E2CA,SHA256=982D4F437B9B9A4C831973A76C443572F51F84FF7DED6F40FE5CA4705E1F0C7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\345MD5=E2E73B82DEC60F1781376D30135018AF,SHA256=3AE1B79500D69F7CF5304F98063A2538ED0A7E0A06E592F913D53BD00CED5BB9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\starting.TXT2022-01-20 07:58:55.319 23542300x800000000000000061288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\300MD5=51AF86ED72E1ED7CD1C070892FA43DCC,SHA256=81C416C0F0D4C66EF29D76CC93A7FE3556721530E610F1CC41D837B7B1DE9772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\starting.txtMD5=483940AB330BEF3FCF1A3729A47DE713,SHA256=CCB6306D5D154FB32B7B784A8ECA5E2F8AE25E1354202DD93AA5A217A376F6E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\109001MD5=10803D5BE5C23DA7F643E97851156F34,SHA256=91F47FDCDE35212F9F223AF25A8054D1384A3514D2096E798CD920EF4E87295E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\16\15045MD5=4A0DE36E40FB87A6C0FB87A9395AD51F,SHA256=0725BCC3A7AEA82B8EFBC7443EE96BD484C3297F1B38241D82FFD7F9AA048F10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\16\15037MD5=44C676194CBB78FDE340ED6559A5570B,SHA256=25829D3F6FF56CF1E7838755FD195019E2B5F9EF52868646D4E3D24981BA4CAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\16\12285MD5=293F2A6D6C3A660BC49CAFA53B8D5275,SHA256=A6ABA3142539630F26232A6305670351F887B9EE3AEB7A4D5DBCB168012D686B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sponsor.TXT2022-01-20 07:58:55.319 23542300x800000000000000061281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\321MD5=39E6A7151A573919D7681604B1BADAAA,SHA256=2D9770E8B229ADD006D35AF894D4FE8B638E97B306A829BD1E4C9CE0521B8768,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sponsor.txtMD5=67742DFA7388A5FD22DF9AE9A7BA48B2,SHA256=DBE4B61964457D31A179F66C7BCD4E46E5C32E4D7B02D5D2D0BED92757D4DBBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\292MD5=BCDB03073F16F99C69BBC0B66A262BC1,SHA256=274E7ACFE6FB43573C208F9C9103FBE3DEA60FD0305B8BEA0D1BE02F6435D850,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\288MD5=F254D377F48D053B2D081FCF0FD501F8,SHA256=3438FDE9090E9432BE3E663C0D653ABF84E6EFCA2CC7DBDDC5D00B805B8EF0BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\9664MD5=2C7BCF428969FD3B9C701BFC9FE82105,SHA256=2BAAA1510A78BDB430DF7AAECEF2469443E778A67FBAF7EB77806D9822ED0F3F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\spell.TXT2022-01-20 07:58:55.303 23542300x800000000000000061275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\spell.txtMD5=05D597256F9B706463D860F1DFE67836,SHA256=9A37784D5EFB8D8629FD4B6E4FEE6B54F159398D3B92BF759B59D9A1437019A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\14\15039MD5=AC0BE5C3D31DD452CBAEC78C7BB642A9,SHA256=6780A3DB79E390692ADA6D4E213F3F3782E450358D1BEE5FD1B3B2D2008467CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\12\12282MD5=F86FD3CC40CC7735BAC118EF3B8C6A6F,SHA256=15FBE292A250870D430824B91C2D5DC6A96B6CC3D73998D6B3DACCBE4F8D069C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\291MD5=53551488BB63737AEFED80D0C32B2E8D,SHA256=9056C8EAF3FEF4DD384683D70C143F1EEA31701C5E6FF8EF25C8300601939A32,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sign.TXT2022-01-20 07:58:55.303 23542300x800000000000000061270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\sign.txtMD5=B8069681B66B3D9FB2306C6E6639339E,SHA256=24BC05347FA820B7B66522DC1EC6A03181683D363995EAC0924494E33785710C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200MD5=3717CE1E5090B2FF0CFE0D57E75CD470,SHA256=0579B24D3F454266EC583DA6A182A3D3B91E88CB1AD6DDC78FA6B845891ACECD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\15040MD5=0746F0DB45C45A93EC7AB35FEDFB263D,SHA256=394343E2562C701DC4A31FD4A5C4033FFF9EFB59C432C1AAA24BDB418672CE8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\1252MD5=770D8A5EA5F3ED6C3875C86CA4DB2D2C,SHA256=737E43D2AEB469EB0D12EA12662F7CE2A09A004E6B3C73F40F7DB2724212E564,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\108033MD5=3FF638E2C8D00939385D6F655A0F32B8,SHA256=86F5DF81840855D5516BAEC79CEAEFD0B20F13EF0B71EFD1436FC5BE59AD7D62,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\scroll.TXT2022-01-20 07:58:55.303 23542300x800000000000000061264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\scroll.txtMD5=E9A3144909A7CD3D34FEA5B58A094BA8,SHA256=62E9C5AFE2362FC6FC7C1C88B97A85B809A1EB20821969D45C04DEDC3D5B1231,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\340MD5=7785DB01F5ABDB557CBDCDB700994965,SHA256=11D8E5067866B488616EE4FF45BEDCBD1D21AD5AE9377CC5BA5EE28A1EA9CF04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\10\197MD5=BDF15DB819924925B3B87DB549AF0F09,SHA256=169C208C56C0CC9DB0DDA51CFCA71D3C1EB687B481B909DCF6C60B4EB940A6F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\09\238MD5=0FF37E516CAE0DDBE09B4CAF45CD48D7,SHA256=E4C5064E8ACF5CC2C2784F62B1D8FE4EB7CA2DB7B723E9A528277188B38C2D81,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\russian.TXT2022-01-20 07:58:55.303 23542300x800000000000000061259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\russian.txtMD5=E072D4C8D7A8E68D420A9F7C7E83CE22,SHA256=1AAE490E11F6FF0F185C3FA173DFF496989DBE46E1699D10D3D8619E2E134E0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.914{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\08\322MD5=1EFCF75FEFD2AB47F27C9BED56EC2E42,SHA256=F3F6B602E568F3456EE125DF5092599C5B85E5EB0D7C4A59EF924B2E73DB7554,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.913{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\08\15004MD5=37232B00AF50013FBACC090B86031B4D,SHA256=F209BBB78933E5AAD76469A8D9450F4C3E72A4B0AE26F1E3A9AD1177ED3A51C2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.912{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\rileft.TXT2022-01-20 07:58:55.303 23542300x800000000000000061255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.912{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\rileft.txtMD5=A1E710081A83551953064E2441A555F5,SHA256=F0BD4264746D1CC7B1307302DDF5DBEFF244C28371E5C694A7265FA09FBA9E7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.911{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\290MD5=64E981EC317D55DE43B17921C9829F0E,SHA256=CE674CC40253F648EA11DE62F4976FFF83B94F0ABD72C16642D15FB1310C2E96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\07\15010MD5=5682ED85D2797ED434C56E9B83DD121F,SHA256=80477EF5CD527E09F888A05BB7CF989737F13A222628DC9FCDEE9F0E8328F5B3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\repeat.TXT2022-01-20 07:58:55.303 23542300x800000000000000061251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\repeat.txtMD5=A7D249882FCF67F87241476586FABE4B,SHA256=92D2DBA9B9B2C16FA0978FFFAAE695EBF798503D16C20FB71A7FB13850C345A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\341MD5=D74E07991A7C763EBBBCBBCECD5CCDC2,SHA256=B59F95BB39AF71BD1820EFFA41671B3925ADB8968DFABDE7ADA79FC69CBC1041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\334MD5=91E44A17A0CFC5136A26C6CA8F264C6B,SHA256=F2801081C1CD07C2EA074216323BBD2681145C1E23259BE518F7F1973CC03790,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\317MD5=3480B84B3A51825C6AB4539D03F3C140,SHA256=4F40C8091DB9A146902EB8E6EB2AC3C562AE0A8C7508992BEFA12E8D53477A5B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\remote.TXT2022-01-20 07:58:55.303 23542300x800000000000000061246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\remote.txtMD5=F044E2D210C48D2F6B40E08DC68BA2D2,SHA256=38637F5D8D254C8EBEEDB509ECE57911B44750C9ADE6276DBE8957B8F22DE5C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\199MD5=88784E5465584EC0A02E4B4E4ED810E6,SHA256=7193A9901A2A33D9B8E77C9EF9CBCC4E90213A12DF863D682CF8FD62EB5DA377,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\100013MD5=57E8E054E1C769660E53B799C22EB386,SHA256=4AAE77861A3F9AFDDA49486BDA06D789700B256F065C5AAA4061ADFEE7B92641,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\recover.TXT2022-01-20 07:58:55.288 23542300x800000000000000061242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\12283MD5=8D7EEB459DBA21173CA2AA58294190D0,SHA256=BCB8E49FA693401FB5661DB0DD61BBDD37D62147C901E0EF52FD5F1CCFF8B0ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\recover.txtMD5=7F5898F82E5C07D67F0DE99F80A0CF21,SHA256=EE0F97829B7FCF7BC3746629EF29A46967223CAC124F8C23CCC8685827C50E57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\109005MD5=348BF11C5F128010B95672BF25F273BC,SHA256=0C5213798D66091F08951B1E177FCC8487DF06384691CE052F05703DF983BA17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\13687MD5=2B120176A2E0ED2C4FA2AED0EE6A736C,SHA256=BACA86585B54B23AC17C016ECF2E6FA577AFE6A2D65112EBC0A4E1ABBB783F91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\02\109004MD5=FB9D99945A27FF0655D2A30BCFE4BBB7,SHA256=03681FD797E20593A9236C6553AF57866E33D00FD9D671A0CDC3F9CD816DA600,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quotes.TXT2022-01-20 07:58:55.288 23542300x800000000000000061236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quotes.txtMD5=A562C125685D569AA21C1A111E76C2EC,SHA256=B0F72AC929FCC848D410CB1A5E5BEA0D4D08DC6EED43F6982EF836C1433DDBB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\289MD5=348D7AFF7D21C141C507DF0D0B17F950,SHA256=58EE8A3E0FB5A338F1C063E15EC6BDDDF7A61CE939C8F4B2D9C540C3A0A17AAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.895{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198MD5=6769810EA4D8E982F6012C78C8873DAD,SHA256=AA5DF73065752CA642154E120CA89B8EF41C8356DBCE32EFFA08C71A215311C9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickref.TXT2022-01-20 07:58:55.288 23542300x800000000000000061232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\FFD2CF5B-0000-0000-0000-100000000000-0.binMD5=8BF911C6F9624434F7B10FD278BC76D3,SHA256=DF68EBBEC7591F31152AAC6534536A8C4A467BFBDAC619F9329E2E381F72A8FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickref.txtMD5=C4465389DF9BA29E44FF466F197D4F58,SHA256=69EECC231B5CF2ACCFA70C68AF03D3F2218AB52DE17E800564E252AD50277AA3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickfix.TXT2022-01-20 07:58:55.288 23542300x800000000000000061229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\quickfix.txtMD5=87CFBD7ED35275EF2D1F32D25D80EAF6,SHA256=C85C685F8694D729CDAF777F1640410F0D9B68A5B2DD07E24B0F87C98C2F0F2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\FB5879AF-0000-0000-0000-100000000000-0.binMD5=FFA707221797469CDC9D3052C6C5F6EE,SHA256=7F0DF77B3E797AEC98D97524C7195532AC097D60791B8B50C3B38AB92AD64281,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\print.TXT2022-01-20 07:58:55.288 23542300x800000000000000061226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\print.txtMD5=896D1D20A0908FCF79D6126CD2A0C2FE,SHA256=152C7A765023E04996907327E007950AB4E3AF8BC0EA6D8B8AA9C6746C0FD530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\F687CA44-0000-0000-0000-100000000000-0.binMD5=939B68C4B69FB04DA80943DF9DFBF3D6,SHA256=EA24F21DF45F839FF64EA6FA62FC4FBCEB34BD44F554F38F4E0433EAD71F0D3F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\popup.TXT2022-01-20 07:58:55.288 23542300x800000000000000061223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\popup.txtMD5=AA409C5F87E5FD41CBE951091E88702C,SHA256=FB73AAE2B64EFB21469E08A557B27F7A937882E82BA713DA1DF155EDD7E2757B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_zip.TXT2022-01-20 07:58:55.272 23542300x800000000000000061221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_zip.txtMD5=09484B799D8897D4CA38ED554E441182,SHA256=2B33DB440C630E899B5E8E12C7FEEFE273068A7E711634866AF788D01E78EC4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\E4449258-0000-0000-0000-100000000000-0.binMD5=BE1E3E44A2C3408789AB0D961992A454,SHA256=FA52A17E648F416B821C6C3904A1FD26CB2C2978AF39695BD40D9B1ED90C4E75,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_vimball.TXT2022-01-20 07:58:55.272 23542300x800000000000000061218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_vimball.txtMD5=AF88B16CF7DE7F4C2CAAAD625820516E,SHA256=04C4D5B2EE8BCE5A079EE6EA211059AC36272995E80C6A46F2FD27778B11028E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_tar.TXT2022-01-20 07:58:55.272 23542300x800000000000000061216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_tar.txtMD5=D98B48DD879C57EF72F00046FEE3D781,SHA256=AAA88039BD4C3ED5B90F1ACA4BFCD2EA5FE19B49E86E809E28BCD05D968B3725,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_spec.TXT2022-01-20 07:58:55.272 23542300x800000000000000061214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_spec.txtMD5=EB8AD3817587E4B395291521A0C34C2C,SHA256=2505E738652C76B6EB346EE89EE171767209BFCD07556F0DFA3E4DF0FE49B8E9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_paren.TXT2022-01-20 07:58:55.272 23542300x800000000000000061212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_paren.txtMD5=0050F6A796CC6FF99FEEC5C7E505B09F,SHA256=68EB516A8285D29842FAFF69A7DEBABD496CD57BD60985C8ECD07D35A2714965,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_netrw.TXT2022-01-20 07:58:55.272 23542300x800000000000000061210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.848{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_netrw.txtMD5=597AF412DF7372D2DB11A73C35855523,SHA256=4B7E0708161228BCF3B4CD81585DFCB03A56BA769898F1D9107593956CA71AE4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_logipat.TXT2022-01-20 07:58:55.272 23542300x800000000000000061208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_logipat.txtMD5=CAE249B4F963A822F3A8EF891D48B17C,SHA256=1D7162803B56F55988196C26E73222D94EC9C68F37BEA751158EAE770949E6EE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_gzip.TXT2022-01-20 07:58:55.256 23542300x800000000000000061206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_gzip.txtMD5=C35C6B94763DDD50B3B490EDF8C9E4F9,SHA256=04A74C6380D77EB9CEB67145A0A2925BE37984A98E94977839492104D18F6C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.833{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\E353614F-0000-0000-0000-100000000000-0.binMD5=3B277116853189FAB48A42F97B995573,SHA256=6C371C06068953630603A20013CA1F13B5FAC8C76CCA48F4DE76D89D9B37B6E5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_getscript.TXT2022-01-20 07:58:55.256 23542300x800000000000000061203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pi_getscript.txtMD5=791C1E899F44233EEFC97E5ABFF2E387,SHA256=C530BF8CA7D598B0B8CFF1E45772454B51B6121679457D23930DDBD64B6C9427,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pattern.TXT2022-01-20 07:58:55.256 23542300x800000000000000061201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\pattern.txtMD5=FD24647F7B6225CDDDA1D2DB1D8B0E62,SHA256=792707A276DBB811846824B40C993383B143C4FFAA2859FF45750F9ED5AF6B75,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_win32.TXT2022-01-20 07:58:55.256 23542300x800000000000000061199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_win32.txtMD5=633BF64C2531307E2D474B904E398F61,SHA256=AB771F819D8B1D5E7BBCD90FA12CC0687933B13E3BFA20994A9BC082ED148C34,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_vms.TXT2022-01-20 07:58:55.241 23542300x800000000000000061197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_vms.txtMD5=6C1B40A3D3A5B18E5A7D96C0879F3E20,SHA256=8777AB7DB4115962D1E4175EBAA547A0BE96814129A4C6AA78084FEA32A3928A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_unix.TXT2022-01-20 07:58:55.241 23542300x800000000000000061195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.817{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_unix.txtMD5=E29DF88DE7323CDC896EC4C9239B7B54,SHA256=3DCC2540697D0204796EB3BD861F69DC83AE05984E09C6B8387498A82F121C4E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.814{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_risc.TXT2022-01-20 07:58:55.241 23542300x800000000000000061193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.813{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_risc.txtMD5=2D447C1661603F15D1A3DC6E03D8EE02,SHA256=9EFFE8622A201D442B762C0601550141E0F79B7C2CD3DB42B784D55AF9816D32,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_qnx.TXT2022-01-20 07:58:55.241 23542300x800000000000000061191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.811{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_qnx.txtMD5=CE98B178B630368969D62EA969EE6053,SHA256=A1CD74B5D44EAF6E761587712A867EAEEC685DA91C89AD4769A4DF22043C8284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\DFD6B7A8-0000-0000-0000-100000000000-0.binMD5=122920411F5741E544CD8D2F5DD85ACE,SHA256=C5C0BAD7F32226135C547FA39689D9E747CAF8075FE76BFCCB72D80657A221D3,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_os2.TXT2022-01-20 07:58:55.241 23542300x800000000000000061188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_os2.txtMD5=DB84E26B3ECD440D79EBD914D2EAE492,SHA256=C5154CBC87D24BC72EA9D58373BAB4F836DC75C6140A036CD5ADEE07BC366998,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_msdos.TXT2022-01-20 07:58:55.241 23542300x800000000000000061186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_msdos.txtMD5=9BD6F854C7D07BEE35F08F76B03472DC,SHA256=507113C43D0A98C1EC9A931299F2D87505BF137A4EAC6D5FE3C6A6F066089A06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\DD52F587-0000-0000-0000-100000000000-0.binMD5=45FE56E50C4873491C4FE85C8CBCA4AC,SHA256=BC1F50DDE26F72239F1EBFFECF96C26E05AC1C59D04F385E9E05FE76739F6174,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mint.TXT2022-01-20 07:58:55.241 23542300x800000000000000061183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mint.txtMD5=77E67E46813207214ED601D8D3CA1153,SHA256=6725DC8DDB3C8CF922F0038A0C972E584732EFDBA477A4DBE649E8380CBCADCD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mac.TXT2022-01-20 07:58:55.241 23542300x800000000000000061181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.795{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_mac.txtMD5=FA2BE991EA475430CEBDE78C0B0881BA,SHA256=CD32F2823FD1A4E1E4F23E81F20FF14A17BB072157CCDB9E166BF48D6C353A6C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_haiku.TXT2022-01-20 07:58:55.225 23542300x800000000000000061179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_haiku.txtMD5=14B424975340C4A2367AA34BF2ADCDF0,SHA256=C04DB46469DC638671051EE0BF16E9C420624C69F3D984AD236F22F9955DEE56,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_dos.TXT2022-01-20 07:58:55.225 23542300x800000000000000061177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_dos.txtMD5=CADBA3369F06C28EAA4E8B8CE6A18E1D,SHA256=69D0A1B75C2FFD1756F2BCFB972AC1DBEC134680EA7FBC70A13AE511D0C52E58,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_beos.TXT2022-01-20 07:58:55.225 23542300x800000000000000061175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_beos.txtMD5=89DB4598F2A0BE0697A20BB79B292EC2,SHA256=079B9459A30AFF9AF24BCBB4B0DA1B19A68C3113A85DA3438B7289C6057791B0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_amiga.TXT2022-01-20 07:58:55.225 23542300x800000000000000061173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.780{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_amiga.txtMD5=1646AF41BFF31519AC85820B649E0C28,SHA256=7BEB5B685A366814121921CB0B3148DC7103D1FBF0B4E16A7AC5AA4D1CB699E4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_390.TXT2022-01-20 07:58:55.225 23542300x800000000000000061171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\os_390.txtMD5=4E956400283C77CF8B5FC835AD4CCEEA,SHA256=79B4878E40C4C44F6FCF8C916CB54866C731DF91F75FBB56C5A412E5CFD3DCE4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\options.TXT2022-01-20 07:58:55.209 23542300x800000000000000061169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\options.txtMD5=546AA450F1C1971A0928305A665B2AB7,SHA256=607968E404509AE1421F3460B996915FD2228EEBCEE65E9ED0735E8CB16EAEE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.764{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\DB19BC7D-0000-0000-0000-100000000000-0.binMD5=89D9E269125685BAE4F3D8C8427AA87E,SHA256=A631053F69DA0B2AB3E548B0D16209B63684DCF283329028D3868C4BECA32B8D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\netbeans.TXT2022-01-20 07:58:55.194 23542300x800000000000000061166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\netbeans.txtMD5=3CFB1E820FD8C39AEDBC5E49EC4EAEC6,SHA256=5CE56C7AC3BD7AB4473471B04DA43CC244CAB01B7B822CE54C8B1A64E9AD1860,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\D83DD2BA-0000-0000-0000-100000000000-0.binMD5=C8B2C8A4B1452184993180E1CFDF316B,SHA256=804B4603736006977B64DCD5D59162AF8507970327E6B4B2A8FBC267C2857989,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\motion.TXT2022-01-20 07:58:55.194 23542300x800000000000000061163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.748{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\motion.txtMD5=97F61CB51342961609343447BC636873,SHA256=D207972FA54E7C8CAC7243843E2C65A563737907F30E8A85A3B70275BC8F1647,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mlang.TXT2022-01-20 07:58:55.194 23542300x800000000000000061161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mlang.txtMD5=5106BE1D3FC95899B4A16C69B585C3DE,SHA256=2437F50EFA1C1C3D843B184284E72AE0FCDFDAB8F5C963F9C79B117232FEBA18,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\message.TXT2022-01-20 07:58:55.194 23542300x800000000000000061159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\message.txtMD5=E211650B339D26B7A2B4CBF0FE062E88,SHA256=4E28DDCD2183D8EA469B8DEDBA03C8E1835846A5A0B8BDDA05CE4B508D2B7687,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mbyte.TXT2022-01-20 07:58:55.194 23542300x800000000000000061157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\mbyte.txtMD5=02959DF209CFEA182F7F7CBF54A36534,SHA256=66315702636A5244CAFB666CEEF8461C456C828617D58E2D65BCD5394CAACE05,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\map.TXT2022-01-20 07:58:55.178 23542300x800000000000000061155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.733{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\map.txtMD5=FBD91415B0D9D63231DFCC692DA1F698,SHA256=42371C4F5181D1A59662C425912CDDD235F393146E9CB51166DEDFF19067D407,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\intro.TXT2022-01-20 07:58:55.178 23542300x800000000000000061153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\intro.txtMD5=1B85973C54F03C511BC5182463B19FF5,SHA256=13843CC1E737ADD1D95085A73C33F476D829EF7CE85E18838417FE55A1474266,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\insert.TXT2022-01-20 07:58:55.178 23542300x800000000000000061151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\insert.txtMD5=CD41FA289395D738C52D76679D97BC33,SHA256=28C538FBD61495FEF1D3D10937E02A3079E1C9B071A4A382E3FC80B2B7530D68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\D370F6FF-0000-0000-0000-100000000000-0.binMD5=326011A3813C232168EF55D131EC204E,SHA256=A1F0641A1F6F1FE9632265E767797D9B98487F8A2BD56E343DC21A04BD02E956,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\index.TXT2022-01-20 07:58:55.178 23542300x800000000000000061148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.717{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\index.txtMD5=8DE1DD932139680B9056AB36469D63E7,SHA256=0816F39B07630CBABAC8101B2543ED0B16A02C7D1318EA8ACE4A5E638422D184,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.712{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\D2186144-0000-0000-0000-100000000000-0.binMD5=B34173C82B8BD085831EB155455E0817,SHA256=CE7D63B8B352E17E760F6DA8CC3BB7D920B1EEB6188F071E4F7C19743BF4113F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\indent.TXT2022-01-20 07:58:55.178 23542300x800000000000000061145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\indent.txtMD5=4AB73362FCF4DD81682D7EC2DE31AC14,SHA256=0D0229F611F1E962A0784749B88C280BE2E6259414A7F867A7641EC9B6B6F5C9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_tcl.TXT2022-01-20 07:58:55.178 23542300x800000000000000061143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_tcl.txtMD5=2DB63FA00C0B8DD67DCCDEC95FBA7192,SHA256=7AFB0EB1F8239EBE0DE994696681A107B6E188004CCA33B309DECE58AE11FA2F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_sniff.TXT2022-01-20 07:58:55.163 23542300x800000000000000061141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_sniff.txtMD5=9B66279BC6F6BBA4BD409699D902EEBD,SHA256=F1B5D61E160DCC30B5AE6850C8D07C35BB70BA6A27DAD0AEDA0F49D48BA182E8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ruby.TXT2022-01-20 07:58:55.163 23542300x800000000000000061139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.695{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ruby.txtMD5=61A3965F275EEDB44379C0A5DD4473AA,SHA256=4B69AB05CD833736C61E176E8FC58704BF4EE59CC37F29E30A71CA3BF78701F4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_pyth.TXT2022-01-20 07:58:55.163 23542300x800000000000000061137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_pyth.txtMD5=2AB44B4B86DB6695C0D090D2484A4E77,SHA256=4C36602F5A2AAE0C9BDA4B6CB144FCBD0FF2E6C5103BD381FBB30953539FFF2C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_perl.TXT2022-01-20 07:58:55.163 23542300x800000000000000061135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_perl.txtMD5=C6125C64DB5F343F96BBC3B552CA27AC,SHA256=8E511000CDBECBC9DE9826CF35B1DF79E9F7D76425CA4A80D67499514B8D9810,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ole.TXT2022-01-20 07:58:55.163 23542300x800000000000000061133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.680{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_ole.txtMD5=F299C4A197BE0A06D3D5237FF93B73E6,SHA256=8A7941F6C180CEDFC3E2D48DB76DF0A31F96820F229B4C6011F42D6E3B987E59,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_mzsch.TXT2022-01-20 07:58:55.163 23542300x800000000000000061131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_mzsch.txtMD5=5006759F7A0F3E11A58F30F5B8076EC1,SHA256=847F40FE90A21016771369DCEDB7842E30CFD0494A7FA626DE1DF2ABBDD26067,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_lua.TXT2022-01-20 07:58:55.163 23542300x800000000000000061129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_lua.txtMD5=1190CD8DE1CCA13DBF1DD91E2FDCD179,SHA256=BB33A77989AE2723F465B2BA1459639D4DF2F26C1122750DBA4321CAD55D8A23,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_cscop.TXT2022-01-20 07:58:55.163 23542300x800000000000000061127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\if_cscop.txtMD5=74744CADAED209D1B9901A967B8668E9,SHA256=A037B54484ECBFF578E290032FD7115AB818AD23E3474DEC4EF41E6E306F659F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\howto.TXT2022-01-20 07:58:55.163 23542300x800000000000000061125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\howto.txtMD5=D47AEA020786EE6DDDA2C91ADE7FB6F4,SHA256=7CEF80A5B1E27E272919629FB1632559F67BF68FE61CB5FEDADE101B7E57ACBA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\helphelp.TXT2022-01-20 07:58:55.147 23542300x800000000000000061123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.664{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\helphelp.txtMD5=ACF03210CB699430B164233940E9AD0A,SHA256=A7638D24162FFA0D82DFC97B8DF4C4473F77D8D4E494C153F4AF77A7FF6235BA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\help.TXT2022-01-20 07:58:55.147 23542300x800000000000000061121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\help.txtMD5=CFE01D4C2398E8D388AE9AE6C10E873F,SHA256=DA042812536B26DD4768F2FE0038B0E2AA4529D607EE5AE08B4790D209134C0C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hebrew.TXT2022-01-20 07:58:55.147 23542300x800000000000000061119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hebrew.txtMD5=4142BDFA6F59621A381D0AF282CB1B16,SHA256=3B7057F607A77ACCA8BBB23F02795C3427CB8A2415D04021B58A6144DE5E1433,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hangulin.TXT2022-01-20 07:58:55.147 23542300x800000000000000061117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\hangulin.txtMD5=C06D6962CC6C733CD773B08AEB5CC8E5,SHA256=34444A343F4B13C260CA7955BA9A692D41FFA651B166231F38E842AA6C899E34,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_x11.TXT2022-01-20 07:58:55.147 23542300x800000000000000061115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_x11.txtMD5=98C65DCA3B4EE80AFA3AA83AF7387ABF,SHA256=661A49C7B9B755DAE1AB837A867B662F73690644E0E0F229CDB0285E3DC0179E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_w32.TXT2022-01-20 07:58:55.147 23542300x800000000000000061113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.648{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui_w32.txtMD5=36980651EC29CB255DE35854AA09672F,SHA256=3816D858E1D8AFB0D24AD17267D256C939A7DAB9DB1134E921914A702FA40D83,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui.TXT2022-01-20 07:58:55.131 23542300x800000000000000061111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\gui.txtMD5=B4EB0DBBE231638032A5723B16B0A9BD,SHA256=0DD30659EBF5FF42480445B9296DF255A1B4093B7108FC5643248672F5ABB9DE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_sql.TXT2022-01-20 07:58:55.131 23542300x800000000000000061109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_sql.txtMD5=C280301BD8CD7CC53C146F03C078FA4A,SHA256=82CA2312239AC80317B9F1FB53749C0D0748690175B513E9DEC183FDD470024E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_rust.TXT2022-01-20 07:58:55.131 23542300x800000000000000061107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_rust.txtMD5=35254A80115FDF80D0207770A79D407F,SHA256=BE4D18CD4A6F70C9D8621B2CF2DBDD5E7057D5D69F471936BACA32109CBBA5DF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_raku.TXT2022-01-20 07:58:55.131 23542300x800000000000000061105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\CFE4E044-0000-0000-0000-100000000000-0.binMD5=93150EF902EAEBD708BCEDF26B1C98D9,SHA256=C3F5F489EFDB15E1FCA9C4223BDDD6C3E8831FB3B8CC79E4812477FB307A2BBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.633{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_raku.txtMD5=83A8658482D4E1B2C48F85082AFE7F32,SHA256=EC82D2A07640FB2C756BE02943B1AF5B632EAA78EAD1842B019AFC4B6B28DC87,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ps1.TXT2022-01-20 07:58:55.131 23542300x800000000000000061102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ps1.txtMD5=41BB4DBD64B6F62A9DD54A412885145B,SHA256=2FECDDDA4D0221CBAD6289BD2479D8042BBE0070AD16C1E3477401B9C5F977CD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ada.TXT2022-01-20 07:58:55.131 23542300x800000000000000061100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\ft_ada.txtMD5=0A4E0E67BC77954CE958D93F14A8DE9C,SHA256=4BB44EBD9C4A083BCF2D2AFFAB5D834D7D9C539C8EEFA223FC9ABA4237EBCA46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\CDABB3EB-0000-0000-0000-100000000000-0.binMD5=08F1149E46EBD2BFBE30470B427A1064,SHA256=D86AD6A864F68237201C1D1EA6CA3BAF094A3254DCEDD1921AB5EF616163EDC6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\fold.TXT2022-01-20 07:58:55.131 23542300x800000000000000061097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\fold.txtMD5=D854E6F29C3FAF76761D423F821BC2D9,SHA256=FEC95D5EB94B18D7547BF71D14161C5C7828D3A529A0A46A0A54C894BA62B081,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\filetype.TXT2022-01-20 07:58:55.131 23542300x800000000000000061095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.617{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\filetype.txtMD5=E99498FADAB2D893FE44D32ED35CAB70,SHA256=3813B91FA94FDF818AAA0A32AAA75CDB83238FAE4CAAD53CD18C9DD531361E56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.616{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C9F7492F-0000-0000-0000-100000000000-0.binMD5=B65F770789BB846D4625AA130677C359,SHA256=4B2527C628540E3B4B7A447072D1F1DED1DA85F9A4C86D3C3F5E7877FC3AB2AB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.616{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\farsi.TXT2022-01-20 07:58:55.131 23542300x800000000000000061092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.614{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\farsi.txtMD5=3E66A9D8F23373E12FA97E0B80227988,SHA256=C65FAADA6642A5818AD287B735430E3E20A9621346D2F59840008CB59CDB9040,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\eval.TXT2022-01-20 07:58:55.100 23542300x800000000000000061090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\eval.txtMD5=449B63CC724560DD3D9AEB63CB874657,SHA256=6EA73317C2B3FF5A4A092B00BE1F5DB5B6BBB1D4C41AD9122A9B1CF720D25036,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C6238F91-0000-0000-0000-100000000000-0.binMD5=B070A639E7355A727D848C9B25E2D5FE,SHA256=0B48D62980CBDF9D84D46B4878514B7EA1595608C33F2B36C5D9839FD6C307AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C2A2DABB-0000-0000-0000-100000000000-0.binMD5=0B4131ABB71B4B0639123E1A88463E97,SHA256=9BE11D6E618E36288ADE917659418D16767350D2F2CBFD6A4B9B3986ABAB2F34,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\editing.TXT2022-01-20 07:58:55.100 23542300x800000000000000061086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.595{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\editing.txtMD5=279F8F4DC29DCB9A5300EF459715FAC7,SHA256=3DC537A2483C04BD9855ABDD4E81F53D766A872D9BD13482BEBE19CD53FCB855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\C10D87A2-0000-0000-0000-100000000000-0.binMD5=C4B1FBB7DE1C26CBE9DB1F96A796FCEA,SHA256=5023E5D157A51C17539074265A3A3FF94F4939BC88626F1B6ADA9561888ECB93,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\digraph.TXT2022-01-20 07:58:55.085 23542300x800000000000000061083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\digraph.txtMD5=292DDE9A98E1BBDC965A0E769247D2B1,SHA256=1926DD33F95C395C0D5FB4FAAD954227C726EE9C1A531798C7CBC5A629606A89,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\diff.TXT2022-01-20 07:58:55.085 23542300x800000000000000061081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\diff.txtMD5=F9B161249C2F37627FBF5489FCE3C771,SHA256=FD84EA9BE656B63E361441AACD9DF75AC281EF10265B26057238431EC318604A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\BF69D1DC-0000-0000-0000-100000000000-0.binMD5=3E456613F42B315C6C3E42F17C2DF054,SHA256=0AEED680F8F78E362B9478968182F9773F16D523C46F8FF67AA3E4E97680246C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\develop.TXT2022-01-20 07:58:55.085 23542300x800000000000000061078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.580{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\develop.txtMD5=0815B275A7B8A0D53A951542481D795B,SHA256=85ABC1BCE451F754AE04CBE48B1C076C2D35CFDD30006081C3CAA7339EA16475,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debugger.TXT2022-01-20 07:58:55.069 23542300x800000000000000061076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debugger.txtMD5=1BF0EFA80C2F87ED9A458E870E6EE8A0,SHA256=56D71EA2F6F002AFB5E562EF36314E67E1486D699DD7AAA82BC8268BA10A5062,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\BD98497A-0000-0000-0000-100000000000-0.binMD5=E34F3CFD9FF3B8EA45A52F5D1790ACFA,SHA256=BB91F96A69307C1402C8B0403203F34B793AECA6FEB5F35C305FB6BB04499657,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debug.TXT2022-01-20 07:58:55.069 23542300x800000000000000061073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\debug.txtMD5=675EC319112C7F2D4DC3ACC400DEBB53,SHA256=3D326FB1976BB3AFCF3C7B78E9141FF2F58F3FA31895C49993A7E75C1FAA0A7A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\cmdline.TXT2022-01-20 07:58:55.069 23542300x800000000000000061071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\cmdline.txtMD5=255E689875E84FD86ABE81C5B33F5C2B,SHA256=51D0EF58B8752F65E31C39219810DC095948DFE4021EE0004DCAB53C5E031201,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B8567A25-0000-0000-0000-100000000000-0.binMD5=156DC2717159E8E3D647DDF0972E3AA2,SHA256=432436939963F14A60696143BA837E4833FFA7EABC7AEAFFBA5B9DA7863F5C9A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.564{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\channel.TXT2022-01-20 07:58:55.069 23542300x800000000000000061068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\channel.txtMD5=C9261679BAC6B4BE31DEF86058F2AB80,SHA256=E1F709721C1DD7388911F085DECCFFC697610B268FB5CA5F2094F9927A9C61F8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\change.TXT2022-01-20 07:58:55.053 23542300x800000000000000061066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\change.txtMD5=AE7D9C85F333B8918ACE92803D8DD6A5,SHA256=0236855D228A6E4A170C8A2994B75021B971341503D0D3D5EBA72C2E8A4C0D36,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\autocmd.TXT2022-01-20 07:58:55.053 23542300x800000000000000061064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\autocmd.txtMD5=3FDBA4E375FC4E27669E18D6A3E8030E,SHA256=11F7C5884239CF2D79BBD8B422D794F94A1671E3F3BD016F8B7485B7F8C0C35E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\arabic.TXT2022-01-20 07:58:55.053 23542300x800000000000000061062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.549{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\doc\arabic.txtMD5=9929646E7ED4658CEDCF0D3E8C9652C7,SHA256=4491FAB4A00184CDAC48B9BDF876D53B2545E9828740A8561314BE01FA98FE1C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\compiler\README.TXT2022-01-20 07:58:54.991 23542300x800000000000000061060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\compiler\README.txtMD5=961F189A6FB803EA0E47A29FD908961C,SHA256=51D5980784304E5C547CBDE207A26AE31DDE955B99A78558FAAEA25C3D957B8F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\colors\README.TXT2022-01-20 07:58:54.850 23542300x800000000000000061058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\colors\README.txtMD5=F1A23F3A6F809D18D3A17300319C5E47,SHA256=78F550034C6ECFD15F603014C0450D9E029ABF0C276BCFBF0102929D51AE4991,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B650C107-0000-0000-0000-100000000000-0.binMD5=B507C72CD3F8FFEAA6183F22A81B1F7B,SHA256=B5EE7C326068B3AA2B71577F6EC1E51FB48DEBA462EACC4D32BC89F62F3C7B77,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\autoload\README.TXT2022-01-20 07:58:54.772 23542300x800000000000000061055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\vim\vim82\autoload\README.txtMD5=2D99F4EF102E29E6CD36A19975D4968E,SHA256=37AB54C6C5C4C530A855647CF2AC05C3B4C03BF16B21EEC913B5EA1B95CE59F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.533{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B33751CA-0000-0000-0000-100000000000-0.binMD5=BD4FE4B3DE2509E3128FA763982247D6,SHA256=2B3D0459345D0BBDF200DA449FC74A4B933692D21BB4F1FD83A52FEBDCAF3B4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\terminfo\78\xterm.jsMD5=2C0C93DD7ADB2D7828E8E5579ADF5F94,SHA256=2251E380D6DDD02F330EBF5A99F2AF11FBDEC5646E379951D3BC83711348205B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.517{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\pki\ca-trust-source\ca-bundle.trust.crtMD5=6DF24035D756B85D81BC7B80917161DD,SHA256=3A30BD8C787BDDCA9A0433D443A4AD97732BF4B075165B53D91366881AC25E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.496{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\B212CA87-0000-0000-0000-100000000000-0.binMD5=923E361C2575C76734C37B93760A2D64,SHA256=910EB822E5A0716B28AC885B197BC1D558F5DE44327D894BCF5EDD2A433B877B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.496{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\pki\ca-trust-legacy\ca-bundle.legacy.disable.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.496{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\pki\ca-trust-legacy\ca-bundle.legacy.default.crtMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\AF0BB9CC-0000-0000-0000-100000000000-0.binMD5=F0B9CE67A0C1808DFEBF4F2B5DE38A64,SHA256=ADA1989EB1078BAEBAA143D5FA8C10D2A1D0097D30E6C2C40BC4F74D038EDEA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A84A9654-0000-0000-0000-100000000000-0.binMD5=2425DF2493657BDF573D07BC31BB562C,SHA256=45CBA450957E67B0A2414643656203BE8B428F3B345000DCEE2D2BAABA8C3969,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\uni_keywords.plMD5=2FA1A76CDF11062EC944145F86C64A50,SHA256=BB744BFCF564AE07A48F21FA31A292B4B2C4BED9E431BE68343DF8796E706165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\UCD.plMD5=3BB485B4EB9C2CF857B1A80F2EE41D03,SHA256=031A88D6B32A2D7C90BA7C00F50A3A48AE4132B73199C257622BCE33E030D6E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.480{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A73606B1-0000-0000-0000-100000000000-0.binMD5=5D098EEBF6A4C146C16B9F9532C6619E,SHA256=B3910C7A3B9233F34B7CA05898A40A0052C455ED2739978A0EBC530B6B63900F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\_PerlSCX.plMD5=107A385A9EC43AE7EEE804C377BCA4A6,SHA256=AD33523DBD9B880567966B4E89B9E0BAA5E8370A5D0090EC4686811D6054616D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\_PerlLB.plMD5=E0F62F5C14FF0C3E2086997140784E47,SHA256=E17DFD0C9DAE41F5B3C13B4AC48FFF8C2A2014A8E27878CE30107D6D414E1D53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.464{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\WB.plMD5=8F77F62D374D6E36F89DBDD4BE3A2600,SHA256=C10DF978F10404C82150A1FEEA0B083117CB9F700247E07569498D9396D5E4D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Vo.plMD5=87397086A940FF1BEA42A230FD7281E0,SHA256=3566FD23AA48A628FE8F2AEF1E339B90A01143FF5EA3BAC35E818C9F1314F82E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Upper.plMD5=DBD48DB760078B7C15431542A8A4E2DA,SHA256=895F9C7A2A90D1B92CA6FFD8844FA46B745497E387B1C866D78D3FE1D4C4FE10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A25A66B1-0000-0000-0000-100000000000-0.binMD5=C651B40268A35CE1D11D9449EF78B3E5,SHA256=31C1FFF9FDD54C7431772F71919F28C9871C2AEE25B170CCB25641442F23E727,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.449{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Uc.plMD5=25580AF86D86D945D15A8B2AF24AA72B,SHA256=C82E04235C58298D774F580D1B0DC723C8793F8A9461D8723DCC85F1FDDB54BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Title.plMD5=F751492965967F70511BC1D120F9E0F1,SHA256=609AD04A60592B701F3B37DA6FC68971246CD4873CF9D2D971E04BF97F38B2C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\A13AD82E-0000-0000-0000-100000000000-0.binMD5=514B197F0C53BD117CCA4B6F04BDB88E,SHA256=2A8BC7681336A857FDC3FA2EB1CAFE64EF0F6D267AAE1ECDC9C737037DBF81C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Tc.plMD5=425AC5B0840C18111DCE55CC9ED94222,SHA256=C26D8F98EF3CABB905BEEDB15482CEC0C70A2F0AA9624EA45103E3027BF3FE8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Scx.plMD5=7F5C3E8C9013AB5885BA8B51DE297FE7,SHA256=CE3E0987D33F8FBEC647A488550FF52B0696CC31E9A1C001388DBED562418A07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.433{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Sc.plMD5=B9C6552CD5D0322D00D2E9587F4A6ADF,SHA256=47329C7BA0916AF0BDE47BC6DF00B266E7AFF00F1686BFBE3CE6BDC9DA5BE250,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\SB.plMD5=53AC606E69317FEBC337C4661A8B0CF6,SHA256=5A2CC551356F307A182F30BAE13BF16F1F7040C094ADFCF1D9A90796304B3285,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\PerlDeci.plMD5=4BA18D48C9772236C1E5577166E2CC2A,SHA256=D2950134E7F21A48B535825A6E24237AB10CBBB3638E7393F7A7B4233CD7F9E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Nv.plMD5=4534E82700D26A4FDCEAE5B8F9FBA0A0,SHA256=8551805D7D077EE22373668059CC2BECAAFF6733B0020DA0C77FAE9B3793C4E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Nt.plMD5=17308DD48EDCE039CFC009A7D34A3892,SHA256=8012ABD42103D6860A8FF4D69D2C51C34661E62B4BE28C9DE1A28AFC00327C15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.417{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFKDQC.plMD5=E6B54B6056C402865220129EF4B2E958,SHA256=94BCD8E8822B983C49367BED574BB04DA4C40100E16845744B9FC05DACAF7FBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.416{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFKCQC.plMD5=C142F97783B3AC847A8D0DADF5B437BE,SHA256=EAB1CDFBAB2D3D1D52CC119E0F73B26EF949AB6190526AC02713001EC148BB51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.413{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9D191D6C-0000-0000-0000-100000000000-0.binMD5=B77E7A17E7EBF57E78E25C26EAA55362,SHA256=78491EC6BBEE247172D757E7030A32D8FE86673313B59ECB55324B5FF3B3857D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.412{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFKCCF.plMD5=139A90341AD0B5770579081E257233C1,SHA256=BA768B29444DDE64E9E7BB70EF9CBFFD4498142B1851E36B6C00CB6DB46D7530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9CB1988F-0000-0000-0000-100000000000-0.binMD5=517694A746641AB7F2FEA3DCB1002C7A,SHA256=E7FBFBEA6D3174A38F172E1847981C05D2AE5AB6617678864F7E5673F7561D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFDQC.plMD5=C6248C963DF8D3D7E6AFBFB0AA3559A4,SHA256=F2BCA8BEB3E2CEE295CFE47A1F32912F4127B3FDD74BD07B76037EC48F461BA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9BBA5FC7-0000-0000-0000-100000000000-0.binMD5=3ABEDDE8C15719E9BAF1C889EE8C335C,SHA256=E0DE0BC715FA6F467A3D2E10220E129456CB8E084F71F1D1C30C29475758E4DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NFCQC.plMD5=5C5EE66E9348BECEC3B8EA28A4D285D2,SHA256=4E637713855CCA12C431F1D21B6B95226A86A8D54F742D6D545E32AAA4497EE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.396{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\NameAlia.plMD5=5601B0AE63DC2AC0D2EE67291F258B1E,SHA256=325D2988C0E5ED4EF89CFB4A63DD6601AB572E9D63F5854F5FD651C6AEB6EBE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Na1.plMD5=BFDB22B763638C465228E4705ECB0270,SHA256=92C0B08F0E6E084BFAFCBDA7384F343479E48333586B609B513C3DF7AD2F03AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9A18D85A-0000-0000-0000-100000000000-0.binMD5=83B38D9D177E6E2977E441ECCFABA824,SHA256=64FCA2ADC210523BDA8593C707AEA6DA84B7B7A1E8A66E495ABD283EB42C7298,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Lower.plMD5=B03E73889CB562D2CE71D1E3D1AFCAC6,SHA256=F1B128F1D77E391CE70582B05AFBF9EAABC706EEF56BD091139F5878AE853C26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Lc.plMD5=9B4FD879FC3CFE908006296D8C175DFE,SHA256=B0258194549D5F3784DED0E7164ADC4170BD2249AC4742B13DF3ECFFDC63F916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Lb.plMD5=B7225819387B58D7F994CE65A4F993A0,SHA256=8AB50B6D5A90C27F621DA5DA5755FAEA1B5C40634387146BA1A1C0E87E62F073,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.380{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9752B235-0000-0000-0000-100000000000-0.binMD5=6CEE91472B6E83A428BAB4B79B90EA8D,SHA256=B611A35E7D4A1264833F7502B6DA9D6BA9D2A18AE08A39D9F7B6DC346F10AE09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Jt.plMD5=9B2BDE3CF32FB7DE257CEEAA9CCE0E2A,SHA256=F066AAB62AB96478F5BC862034C081ADF40B483CD2AA789FEB87B3EFBE4C207B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Jg.plMD5=A14A1E3F56C6BE70BEED05D430D0E4A7,SHA256=0E8583A388F853A841C5A35B049A99BB6AA5C3F897764B4CD7BC1CC08B32B149,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\948A36AE-0000-0000-0000-100000000000-0.binMD5=99817F00627EC5C6F829742B2E7C270D,SHA256=6C52701A6627BA85F6908AF87C2353101B7AA1F09F4378A7B2FB246A23B0C9FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Isc.plMD5=231434C0F286E558848B2D5764FD4EE0,SHA256=84CF866E49257CF68F7C0270BD4E9075A1632C9896FA8D87B936A312C3B32284,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.364{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\InSC.plMD5=CF68B4EE4B0D7F12C7158220A5A3F934,SHA256=FAC901167C6638EC9C7FFD682FBAC8483219D5328F709F1E052135232D72E2DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\9255B24E-0000-0000-0000-100000000000-0.binMD5=3B7840F724537D572476854B14040B86,SHA256=57CEBCDBDED4AEF5C19AF339F4532013DFDAB1F6C7EA3E3F46FA2E1C62EBF235,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\InPC.plMD5=BC58563743723F02AD39BC026D403CB8,SHA256=B8223EF748B726BA751AAC36F18DE21C349A9F8BF7258869ADA36CC495870282,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Identifi.plMD5=DE1F2F80155A8CAD49F9CF89ECA30383,SHA256=8E3D42E1CFD5FA6EDFD1E328DE95F1B9CCD5E1A4A751564B05316110DD787BAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\91A988D9-0000-0000-0000-100000000000-0.binMD5=916D01DB0A76A2F16C798E83266AFC68,SHA256=ABB9E631BF9B16CA2A62200903A3005BEB957EDE142D11CA4FC7D4DD4F3D2FE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Identif2.plMD5=1DFD1177AE23379BB29A231062BAA523,SHA256=CC99DBDBE64D5918281789FC4309072B697C06A0D8E590BE0799756D91D19586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Hst.plMD5=EF86ECB208211FB84FEEB6434B4F18B6,SHA256=D0453155DDAEA8EA08F995A198652FEFE5F408DC816FFE7B01529B26ACC3EC54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.349{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\GCB.plMD5=343CAF3698DAB28086EDE1D153FBAFC9,SHA256=1F75B26576D59F6C28CE0944B597D5AF9194FA919DDA809173039C4B949CCB62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Gc.plMD5=15CC4BECE648D0839898BCDE9CE8963A,SHA256=B3097B3CD0BFBA55C7965CD233576ACE095032BF75556C904B999C800C2900CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Fold.plMD5=CCF63881F38A1E239965EBFDD752B849,SHA256=764B5120CFEBC95904D010AC320A5B0FDA3D682C91FE3A7B41FC51B9D74332AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\EqUIdeo.plMD5=E1493204DCC1F0A8E3991C1D8DEC9E08,SHA256=EE312B8B076AD4B53C7EEF8791D63C1B6AFE7ED4970299F378EF50F222ED058B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.333{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Ea.plMD5=BC721E92ECC43E073277D697EE60F60D,SHA256=2D09B7AB7E4EAB2C4B04A8F25D9ABA022CDB80C3DF3B092BD95CC0907EB8C701,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Digit.plMD5=18D8870760D1C9B964D6FEBA741A8849,SHA256=098234594FA6349C5032AC62C60E730E6E48C0EF55E7FFBB6A68FC510905296E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.317{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Cf.plMD5=916F1C363E5C2FDE3498841A20C4C564,SHA256=29B39966CBB1767057009505DEE8CEF937B6537A2535DA66DC78FCD0988ACCC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.313{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bpt.plMD5=6DF877587F13FF963D19A44D92F487B6,SHA256=E34F193578E6C2D04AEA4FF27ABDD96B7B7852C45ADE7EAB5CCDDB0C76B6242A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bpb.plMD5=65371232FB327B089A2DF764965416C2,SHA256=A9F65C8DB262C9641C71FF0A19D49F1851909175D2C5FCFACDB7D8FDE3A1631D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bmg.plMD5=D9D3FC910A68036962A71744ED359239,SHA256=5C3430C29A5359D3740A6475BC32E16CD02BC3F3AA32CF89279474D64D80C271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Bc.plMD5=FB0F0783A2A6CCBBEC7DCC09486D5BD2,SHA256=7A3B6FAA794E76BE87E0A0A368737927CCB79BC5133060FCFFD42DB887D1CC0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\90A214E5-0000-0000-0000-100000000000-0.binMD5=D82B3F6F5AF0F9123F62A972C34A1829,SHA256=FC043E4C0ACD17D316D51C7D00055ABB96F42DE93A7AAAA7D7E4E3DDA90352A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\To\Age.plMD5=70CE331FD2488A6AD901CF120FE3DA7A,SHA256=BC9E38A839776D271A03EB07B429E6B1C802346A92C00ED4E159EF3472CD05C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.296{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\8EFF07E0-0000-0000-0000-100000000000-0.binMD5=287F319BB7092CF6330AB5002C992D88,SHA256=31539839841A978A1FEA98817E0B3755FC14B80BE31FA4FD34CAEEC9E420AC76,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\SpecialCasing.TXT2022-01-20 07:58:54.022 23542300x800000000000000060986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\SpecialCasing.txtMD5=681D4E1EBC39C3362FBD6C293070A8EA,SHA256=6424312F1DC39B22E0FF9C0FFB13DFAD424D9B03E6A6DC6BCA941F6BF5EF1FFD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000060985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\NamedSequences.TXT2022-01-20 07:58:54.022 23542300x800000000000000060984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\NamedSequences.txtMD5=D12025EC2690D50B7EF1036AD197B9D8,SHA256=27282B8AA01D4D0C44AEF436CB74195AE8639FFA187AEEE4E6247AF76FEBEA76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.280{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\Name.plMD5=E675B4BE660058EF6819910450A28D83,SHA256=485C7FD9C3486D9E802938239268B688C758F573F7A85863CA1E2D3A8D635898,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\XIDS\Y.plMD5=99C3E20DA75832BD07362ABABAC942DE,SHA256=72DE10AA1A8850C10AE08CF51553F2BDAFB2A14B9E6CC1F391B950AB4CC27A0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\XIDC\Y.plMD5=707CC9F746B3294B459468CEE65AA41D,SHA256=E4EF6E8516BB64E370551CBB0380AD26156CCB28A83E05D0E847F1CABC33B222,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\8DB57C86-0000-0000-0000-100000000000-0.binMD5=A904FC9F2262C5B7E899679BB825F057,SHA256=FB6ACD22186EDADF7235BAD08304BA669DC318AE08D41F3C79FC08317339556D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.265{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\XX.plMD5=86BDAB459A3500040DA415F1908D5120,SHA256=EB3B820FEFBCE0F3BEDC60F13A7BF959C392251AECD423DB70B0FE9865DA82DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\875E27BC-0000-0000-0000-100000000000-0.binMD5=633FA094DF8B916A32292AAF91D01926,SHA256=9B14700FA6490B370ACCBADCE2B2295BCEDC67C6F8B12FFE1E57BD8CBDE96078,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\WSegSpac.plMD5=76E9928EC0EEC9C244DD06B48FC5983A,SHA256=848A3BFCB0C2DC9EB7BE36D56168C2B75CB7CDD5F4ACF160380D069EA164D384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\NU.plMD5=198F92659E13530D34B0A569EA406043,SHA256=D374011ED5AE753AC00D994A3F07BF37BCEF3E8E7BBBEB77D3A2B5EFB2E26623,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\8247AE0F-0000-0000-0000-100000000000-0.binMD5=5D943950C109EAF534CC5C5FBD148A6A,SHA256=10DFCA1FD19B965B70416D80FB55975F94A1871A82136E9BC26B51CCA02D19A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\MN.plMD5=3DE6D26641B7293360355AC83AFE2063,SHA256=B42C7A1A576DAFA31C72D9E28B98C85E4174EE11599E760E982C7B5481E44927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.249{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\ML.plMD5=1B0AA32A4EFDA4A00A6B67D01D4F17F4,SHA256=221533CE519EC0648DFEBBD8482C12E7F1F5018842F6CBF66A8DDC884DDB4F2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\MB.plMD5=1ACF9E2D841862EA83318217CEFBCA5E,SHA256=1EA55A12E3F2E7504D2FDA38946AABE64DB8E7E4BDDE40DBCB27EE21D4BF85B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\LE.plMD5=1E1FED60C2A18C737A33A0D2D81D5E34,SHA256=B7F3C47F0AF2C433CC54B460B07377F772F9D9F580DC1FFC807EECD8D7829F44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\80A749DD-0000-0000-0000-100000000000-0.binMD5=24D78BEDF41336884851A80752DF815D,SHA256=633AB9EBC3CF2344CE9726EFF4348C61BEC6BE8F315F387A0A13A0B2FB22E5AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\KA.plMD5=3751645087183FBD1F619D5559F978B5,SHA256=99F2A9236351F990B3C1BE059F885E14C3F97755A1CB775F9C0ED8309A61CAE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.233{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\HL.plMD5=104282863CE87CA11757A844187F375E,SHA256=79F0C9EA74E4E7D2346D527F78FEACD598FE2D7EEFA9DFEE0536900008D90DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\7EEBD808-0000-0000-0000-100000000000-0.binMD5=0E98929FA6F2886DB1A99FD8E4716894,SHA256=EC2F66FB3217A0A9230E49D4C476A01377FE63B0DB1036C438E9EF4B238503F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\FO.plMD5=A4B195BE7AB2C8B09B9BB18F413C70C7,SHA256=1740D97066BC2E01FDC4907939A768F2E2C4E20C3D3088A06E15BD0432F34A2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\Extend.plMD5=4C3C1EB8F50D963FFB92F9CFB71080AE,SHA256=06144014C3B3F411E64463A31164D709DC421152C4B04AE382BD0157458CC821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.218{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\788EFEFD-0000-0000-0000-100000000000-0.binMD5=676E656973DCAF3AAE3A5F03D81267EE,SHA256=D74B2AE543F73A2210167D2F9DDC39EBB7824B2480BFD17090A2CD973A42F75D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.217{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\WB\EX.plMD5=2C526945FA5939767C24A14F47BD1C8A,SHA256=6BCFE5C8DC8122DC94C19320D13B93CF015127448E686A02DCDCDBFD2D173106,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\U.plMD5=EE29CA68CDDE1B80C58E823DD96FBAF3,SHA256=5D47E556E84BD91523D9758E7DDFDF34128A3FEDF5E10C583ECBDDF739B89913,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.196{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\Tu.plMD5=95D03BFA3BF5E81CEF1FDC9572912A24,SHA256=E79B53999BFD2F92F98C93CBE531A9F2F93C8083BD32E2B23BDED8A095851455,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\Tr.plMD5=2C464ACEE1E1C82E5247B32A0835B833,SHA256=1FFCD43B0B8A8C5D192A27BB6E7C98C30B31688CBEC9EB33B3103EE85DAC0417,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.180{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Vo\R.plMD5=6613B43964C5395900A19F05BD71FDBF,SHA256=87D737F5C804723CCA73C404BB7D92767E6FCA930F3084B94413EBB8F9A96205,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Upper\Y.plMD5=1B4D87827AEA6820C8F33F0E9AC59CD0,SHA256=AA2299304D8C924EAD26806E8AAA4C80E6FBF9CBDF68001F7F216BF150DC8440,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\76AA80CE-0000-0000-0000-100000000000-0.binMD5=E903C58E8CFA07E4223D459737C57BFA,SHA256=9933EFE99AF9496A0BB4D60BE583AA73CC0263E9D6BDBA027DD5C071E635BF54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\UIdeo\Y.plMD5=25ACD3DAD5A3B510BD09E5A843A7BD48,SHA256=79DB9DEAF58C9246F22658A5ECFFE9A46DE22757502264D211227A3E075D3456,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.165{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Term\Y.plMD5=E767080C69F5E0761E386294C0704677,SHA256=EB200EFB903445C6D0798CD4011211EEC6EB7EFD113F6BA0A3F34C6B89994F87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\STerm\Y.plMD5=3F4B6806F71D633BD4B9F09AC9B72F3C,SHA256=15E08E494A0AEBE152D29A75A68AD370675FE3A4598B3230D1370CD8A1B50F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\SD\Y.plMD5=D4373C6F10000B7ABAD8AE2352BD7A31,SHA256=3C8908664BB6BA5DBE87146FC6EBF3E9DF401F10FE1BAF5FB34D6A9D894F1971,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\69EBD85F-0000-0000-0000-100000000000-0.binMD5=47BEF9C37DD95E4F30127F4E841AD5B5,SHA256=91C2E8E269D8382DD89819A329FEE9082F165E486CCDF6022F9B42CDBF1D6A4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Zzzz.plMD5=BF160FAFA640D2516D91B3A8432FA90A,SHA256=F8CF433095E9D039BB451ECD757C5B00E08804E5A181301EB5D91244DC6E7517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-18CD-61E9-7700-000000002102}484NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AED974DCE00EE334F46EBA95B4F3ED8,SHA256=005FEFE7004B38C15B1597CF41141555775FF87977E1E55436C49E2B4F513772,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Zyyy.plMD5=087D4F4FBF09FCC7B242D1DDF70833C4,SHA256=2FC7AB463DFD014BE80FE4F24B26824F2909F2DEF120DDCF687878734C32D7BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.149{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\69825A4F-0000-0000-0000-100000000000-0.binMD5=B5EB40DC7A8112C61865978039D337AB,SHA256=CA7BC20922F740065222E1DC740A3C131CC5297D1F32CEEDD8833AE7E8C068A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Zinh.plMD5=AA1B3B58A6156F50FE5793A416D8745A,SHA256=3BD98A64D5824D49F9B8E101411D3698C80781870574B846A341B0A6562516FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.133{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\692D8A75-0000-0000-0000-100000000000-0.binMD5=962CD56312371C56106C2E97DC6345B5,SHA256=9EF8D285CD86F11384467AD3C9560D4043BA4810202C50D286EF6AA34D43459B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.133{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Yi.plMD5=DB6E4BD1F8EF401163CD0AB7C2B69E41,SHA256=58C14BCC03D5585D573F5A15AFE25412394BA1215EA72557E08EE0F42BA70C3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\6445F004-0000-0000-0000-100000000000-0.binMD5=2A1BE30DD51CE25EB42A483B4DA968E7,SHA256=61235E9A6070FEAF0A7161120A014A762BCAE8105B58F7802A057FBF4AEE2A0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Yezi.plMD5=D0DFFAA46B4459F290C7584418B12A32,SHA256=65C8A5FAA1BCBEB75BDFAB8F17444287790442F08B1438A926702F200C5B753B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\60E60F09-0000-0000-0000-100000000000-0.binMD5=91D98C2FB69C01F10F8D184B1DCAD598,SHA256=D9F23BA8AD423D41A88C84CDAAE766DCA7FA67EAD84BFF4AE732FF137FBD1428,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.118{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Xsux.plMD5=B42A71682601DC1CAFE690E5F0C81B8F,SHA256=3B5AE62C9A88F067B7D08DAFB06C9E229E2BC78C19229A7A05FFCE97AC2BA5E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.096{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\583610C9-0000-0000-0000-100000000000-0.binMD5=AD296B980DA22D0ED682A1917C4C1F4F,SHA256=C2FFE760693D38A8410B37B403DCD6A2F89C8C956ACB61B9DBA57E7E3DB77C9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tirh.plMD5=D6819B5D1295A7FA3CC6DDF72F843774,SHA256=9381B5869FEC65AD077B8AF69A63BBEAA9A0CF31CECB08C4768CB6345907DBDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.096{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tibt.plMD5=A7F4204EB7BE392FB035F239C40FB095,SHA256=DBECB6B7099097581EB0DAFE6DE440850F73393AD6172260DF4714B57C89A5B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.080{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Thaa.plMD5=D8F35E62A613C8E6B2928957CDA0CCD4,SHA256=8040E2763AFC1B5E96E1EAD80DE33280823596E8993588C572BEF16DD731F4A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.065{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Telu.plMD5=187F4EF9636099FBE04C7FDF5085A94E,SHA256=539FD6BC2DF5E4B3743F47E817370FC350D39F4EF58A5B3A729EACAB6FE13F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.065{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tang.plMD5=FFF31FA677CBB785B804FB0661A96CCB,SHA256=47FAC20131B5FFA73B8DC366CB8C3B9DA16BC1CA7748AE97C87D64B9E316E61E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.049{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Taml.plMD5=F774CB0188AF4DD502D72F9E62553EE6,SHA256=8D6DF18514620E905F7753F2C3937210825E21CD28E5F502BE50CCC5D04617B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.049{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\547FFF31-0000-0000-0000-100000000000-0.binMD5=07A8E0323E3BF5B4C069F2AC87EA0CEA,SHA256=D7372B6925ABAD7B4E2807804BBC1C81AEFD967B7795133F2FB1B8AA61DF108A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.034{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Talu.plMD5=98FA690E0E681B55280449A3FAB9B767,SHA256=8CEFA4A20066F9FE68DA8682C1F9F4D1C639EA167E8D4242CC0F68D49233B70A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\53975E6F-0000-0000-0000-100000000000-0.binMD5=CE0DCF08805464987B2504FBBB146068,SHA256=4D52CDB0B80128A34956F3A9890133F4E82B59F6BF1520398726EF27649118FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Takr.plMD5=E76FAEEDF0CE4DA96B71BAE5F2BAC127,SHA256=D50EF74A31206C7170CF7A05B57AE3B4EC037E069EF8F5CA329B6F9A941724C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Tagb.plMD5=542B705AD85F52964E74C24E5D6C6DE2,SHA256=01E42238AA6E5EB7FF072C8418028148DBB38891692D05B0AE20D9CFF1245D78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.018{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\4D79D64C-0000-0000-0000-100000000000-0.binMD5=EB0642116B9D612F91CF46FA9A0EC811,SHA256=7356924B00826C16215853B975E65194BB9D75449888B74D2508D8CFEA3ACA8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.017{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Syrc.plMD5=79982F36189840DB3AF6BB65862F36D7,SHA256=A4D7D57E82D834FB4DF58C6A4F77A9FBB2E19809D89B35B2AB5DB20F22758022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.013{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\4B8F0408-0000-0000-0000-100000000000-0.binMD5=8BF6F5424F3BD1BD6483822AC1D005DD,SHA256=B74198BEE48EA775D35FAFB952FE6A2CCEFB84ECE1BEDB1F08669D7AE44D4E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:39.012{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Sinh.plMD5=A4B28FA4B5165836719AFB4D4F9559D6,SHA256=6516E135DD369FDA510E001886048DB0ADF280545BF72E0FC6143C36A5910566,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000060924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:38.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\Git\usr\share\perl5\core_perl\unicore\lib\Scx\Sind.plMD5=596F77BA7CB2D448D87A8B4193543B3A,SHA256=022806549A1639839BF9BD543998E5EE449B3085B81CBA635F41AA5C5C83BC45,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000031826Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1B12-61E9-AF00-000000002202}24603956C:\Windows\system32\conhost.exe{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031825Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031824Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031823Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031822Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031821Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031820Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031819Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031818Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031817Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0C00-000000002202}7003204C:\Windows\system32\svchost.exe{CE7C8936-1A7D-61E9-1D00-000000002202}1956C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x800000000000000031816Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1A7C-61E9-0500-000000002202}388504C:\Windows\system32\csrss.exe{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x800000000000000031815Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.753{CE7C8936-1B12-61E9-AB00-000000002202}19122580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x800000000000000031814Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.754{CE7C8936-3BAF-61E9-0A06-000000002202}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{CE7C8936-1A7C-61E9-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{CE7C8936-1B12-61E9-AB00-000000002202}1912C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000031813Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:37.798{CE7C8936-1B1A-61E9-D900-000000002202}4048C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-tcontreras-attack-range-276.eu-central-1.compute.internal51387-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000031812Microsoft-Windows-Sysmon/Operationalwin-host-tcontreras-attack-range-276-2022-01-20 10:38:39.128{CE7C8936-1B20-61E9-E200-000000002202}3964NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2578A6D4277356E8DD3B942F28E55B22,SHA256=0BDA554C473FD0BFB35118F321FCB787D4F3836C4956E1F84B7FF706758594FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\users\users.iniMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\44E09DC03C072E3E12C73248D40D203CMD5=BD61A041658E33C2C3ED0DEE0076DE80,SHA256=F73DBDB0751C8BA35438D3BC7D5BF16A550B18956A62960A72EEC14B97A8270B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.996{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\41774F5B6E9AC2628A4112DE02A03DB6MD5=5F6DC00A8642BEB4B03DA55F69ABE8EC,SHA256=4CD46E7BFCABBF85810E129AC79358C1A30ACFB8CF469CD9F8DCC8AB4F8D7C95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\38BEAD793168371D7450BBF648FCA3D5MD5=0C1490A122FC49EC6F6C5ECA5397C04A,SHA256=B25F1B5AC2F9749315EEDD2A93C4FBF6C84894A4C8246784EABF9842B237EBCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\29273F82A59CE197CDC79425C9F2390AMD5=C633301E207AA7A2A00E702E24F8358D,SHA256=E4104676CF3D96490BEB849114DA081BD9AFAB56477B2662191C15A02D6E87A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\28193F41FCB692374C9FFC7C3BA4921EMD5=900C42FE7F3D6AF56C6258598BE7D43A,SHA256=50A715F22674C450FE9A369C44E8EB0F502F9D5C7AADD29122E323FCB1CAF620,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinRegMon.cmdMD5=B8A52A1BCAE17281107B2FE9B02C3B9C,SHA256=F1CA185012AE271FFD0AE0DCD07DC6AA45788562894061175F7F43291B133E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\1CC4D80F1A0877D0EC5CE7E7BC8B51AFMD5=86BA21314B2630D2FB4893260C37A401,SHA256=F1DDC4B22850911146C812166B47B2AAF43D4F9B1F7869E46BEB36A05926BF91,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinPrintMon.cmdMD5=A8E73AEF98E1DAFD1ED8CB0E1B0B42B6,SHA256=49F5A365C8BD65A86716B676EE074D588D14ABE24643B693C991B2EEF200E4D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\19087F00AD4DA631E9F1DF4B9DB3660FMD5=1E72796C0BFBBAC450596F6CD1F4DB88,SHA256=B1419C6717577D68D3D006277076BC8B03A5420315D2BDE6C595108C9A966A27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\187C45C4E50F22AF769DE46BB19D86CDMD5=B73B3994EE9550E7826CAD5972592410,SHA256=35B6DCB46B043BCB6D864821E06A8EB23E1317EAE4A933228372689BA162A236,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.980{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinNetMon.cmdMD5=D5ED214160D31F70A85C714FB5E7C83B,SHA256=79F434BA38260D6781E9E76E54404AC04447A798DC3A856A8ADCF7A7DC72E1A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\1147D9B6434000301E48E7D66143EAD7MD5=7198FC93F4D56F1087951807780B3073,SHA256=7A4D283E1BDB296F0BF2D662F0250EAEF62004E464B16FA285FFF499A834DEF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\10E76ADC08650B924384C62B0C2DD411MD5=3D713BEDAD604F2C8B4E8EDBEEF39F4C,SHA256=F7BEF1CDD98D8F0E0514B831AE10904024FAEA75B44A4EB195D5E1EC1D5AB162,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0ECB1429930139E0C870510F73744BFBMD5=A74AF04F9933217D8D4784C6139DF204,SHA256=BF568AC720CF94B773C001672A6A27068572291731AE791AF6F7557534CD882A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\WinHostMon.cmdMD5=6EA0EF6391C4B624B7FBC4C691031708,SHA256=58F89B5649E27CECF6476F9AA49CA26E828E00316C767A09BE37D97B40A88415,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0E87A69F84BFD0F72A99C702B38E127BMD5=C43CF680143A8CC777479977E187D5DF,SHA256=C0CAF365D2131C10B91F398699CF3CA214B2EE70349FCA34866EDE3030045A46,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\winEventLog.CMD2020-02-07 07:06:30.000 23542300x800000000000000061839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\winEventLog.cmdMD5=5042DCD0F447EB7877AEE22C1FA5ED71,SHA256=86B1B8AEA014C6490961F336FC63E1BFA512AAAF205CC18F430950FD6068FE34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0A9C1C7BF3A1A69CE92A09E264D1E10EMD5=5510CB4B0607832AEC944A18ECA40435,SHA256=8A163828126ABB50DE166AC412BC19318CCDE03D878CB98402A16E08A27C6F3A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.CMD2020-02-07 07:06:30.000 23542300x800000000000000061836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\0A44E5B349E776A65CF24C6E9F8517ABMD5=AFB4618FCF6B7BBDE5CBF79B439641A3,SHA256=3B72471403E3899FCB462578E4BCE2CE413E5155D43C172DAB3F8D174ACC9543,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.964{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell2.cmdMD5=38CD11FA13326E79F1A7370A7028BDFB,SHA256=001C1BD264113090D46657874BAFB0E3F60E148FF920DB105F6FC1C52AA4AA16,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.CMD2020-02-07 07:06:30.000 23542300x800000000000000061833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\powershell.cmdMD5=2D74D5C3E506FA8E88C838DF0870F1F6,SHA256=9096D9B164D22F57B903C8219DD8F94333FAFF464FE28239CB5112576E84BD48,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\perfmon.cmdMD5=B1336C5BA5491156E3D7D05B84CCA053,SHA256=68685F15AE748A62C651DED473E0E259F75C09F7906CE1F20D09D3B63311537D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.LogMD5=C65D6CC56B6E3122469A0A7E57675BDF,SHA256=2C31EA0E31B2D427716A7A59A5CC64B69B81DBB0496B280CF74E684B62197BC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\System\{3D834516-209F-4504-87DD-E4CF85E053E4}MD5=6883F8664C8911B84F614708D48D3151,SHA256=4A61CDFA39445F618940CA5CF5EFB1AA1BE289DCC72663E6771D3865FCFDEE28,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.CMD2020-02-07 07:06:30.000 23542300x800000000000000061827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\MonitorNoHandle.cmdMD5=5C0FD0AA51D0BE93CBCC80B74494BA17,SHA256=FA06D6042ABAE5C9016598B99586799D95C9D0E0FCAE6715AE516D091508E1C5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.CMD2020-02-07 07:06:30.000 23542300x800000000000000061825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.949{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\system\bin\admon.cmdMD5=249D72CE8B393A3B1078D4226442E487,SHA256=7BB75239427AA3F5069F01FD23B634746726E51346F473D06C603C017F666EAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.933{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FF796F23-815D-4257-B5F1-F7EB324F4F98}MD5=604B5E95A3C7EFD55E16A91676050A13,SHA256=3E2FF391DC5D44E85B651D1916237EBA91F6D31D7C2A37E475CF29967A9DEC98,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000061823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516C:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\copyright.TXT2020-02-07 07:06:34.000 23542300x800000000000000061822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\copyright.txtMD5=25A9FEDC584FC6D5E10F689A1352D947,SHA256=144B3E7979C26A2AB1DB949C052B71675167DFA8F3B711A8714708D0EC29E3D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FEF4815B-2450-41EF-B87D-FC0097E07217}MD5=B87563390C33BD887E6E1DFA678F3ED1,SHA256=BF37AE64A519666672E428B858DF8727F470F2FE3702BC2F1892CD974BDDF2F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FD97EF81-96EE-4436-A7AF-669A4B5EACF6}MD5=018CE3A354CC305F6FF735270FD9CF6E,SHA256=52884BDD13A9B29BC1EAFF25AF22AA9C94117E6EAAF580FF53AF21D1DA81F7A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\server.pemMD5=D26E6070B303CE642E06768C9803372D,SHA256=8C2B5B74196235AC475D6E2E4A76CA196D60C9F65E29257E0A1AA848D7290FF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.917{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FA57A0C9-C941-4618-AB39-630D20978122}MD5=31CE02F98C431CDB191CFA2FD61CEAC9,SHA256=ACCA83C3A50D3945C79925B43E6CE1FA2E9F59962C34609311E2145A867FD21C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.916{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\cloudCA.pemMD5=6123784D0E0548ECC0919B6C3FC0BFCF,SHA256=6A4C39AEA9FD1A0ECD670D7B29FE5775B1AE20AC99D466A8C50AFF384A519FC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.916{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F82D59DD-34F4-428B-9A90-2915C53E5F76}MD5=C5C438723F5229C28FA0305CFBB4C74F,SHA256=DA2F72507A1D18BE555235EFE7F596CA8484102D208E66F2B1AC3C8AC138BD79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.911{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F7975A06-376C-44C8-9C91-051434AF8A27}MD5=54ABC323CAACAEF7CE2A3C1249222946,SHA256=F263DC57BF3AC276227A39D1132BDD14067C3BFAF35E5E17EE59C728E8DA2DA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\cacert.pemMD5=5BEB8C41240919B4A61065F8E721A40D,SHA256=6057072A78C42FD2DDEFE110938EF20A4BE28B89CA6F961F70287BBC73D8EE1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F725779D-5D3D-4088-80A5-E992AD321021}MD5=7DCCFC3995BCF6342BE9CC800AD0578F,SHA256=4C0280CD71977001E8F4CC8E1011739C15061E7DF07176AB8FC0FE1EA2894302,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\ca.pemMD5=2E1F43E540800A11AAAF401AA69BE0C2,SHA256=58F46952475C6BC1599688DCBB622323F3EDDD55AB1AB37DF3BDF77F426E8584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F6EE5093-29B6-41B7-8CEF-FD8C744866E7}MD5=7493FF027A1BE4D75F9A1A5A4F4FC0A9,SHA256=5CC7D21738BD4A0DD189A4E4F38A3FF8A9F5647D70090C16C2F9175102F21FBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\appsLicenseCA.pemMD5=FB30C5636D0108B2688D7E1ED59749AC,SHA256=7AE2B5B5CB1D0D451D226DD26E62BF5F442A59E7F4EECADD0A9F8CE365E68B92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F50E1E0F-5326-43A6-9BC7-02BC62340906}MD5=4A5FD2B9B60D7D8BF8AE65F7C9BDE8C4,SHA256=C911EA2CCABFE1FB63B2B32BE98B527445E1CC9DB45EB09B9116D20869C3AA9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F407B4E0-5B75-48FF-AB87-CDC661E48808}MD5=1FC56A5682624A475B68FAF738AD6B97,SHA256=926AEF4033B4098DC58FD48CDDDEB7AAEF659794E63C7D221C680EBD446D199E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\auth\appsCA.pemMD5=0A85E816D4B07CFA1022FEC5043C733B,SHA256=C51FD6490041A4E78FB5A91BB49330197F488332E70954DD877B7C511C4E4F3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.896{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F32114B2-32F3-42B8-86E3-598985CE231F}MD5=92A1FFE20B0F2C1F869F4E8EC31B6AC2,SHA256=D242E58001E0F4C81AFB0E716116C790647073A872F37D69875DB0B8032C4520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\underscore.min.jsMD5=5224D253D572640BD12C2AC6BCBD5811,SHA256=8C17561264389571750AC522C272868D7105CF5E3F8AF4761D09489B631D177C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F1ED5B2A-C1B0-41DD-95FF-06EC688BD63F}MD5=5764622580FEFCEB88589542AA293EBD,SHA256=45247893B027859D2EB7809C691D079DA84995E92117A9E72A5F1B67E41E8459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\jquery.min.jsMD5=25721CED154B3A99E818431446D7506D,SHA256=FF4E4975EF403004F8FE8E59008DB7AD47F54B10D84C72EB90E728D1EC9157CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F19E6FD1-C2D1-4B43-B89F-00D6108A43D5}MD5=D16667C9C073B4782EDAD752A6AA10F2,SHA256=A7533CCD99BD31AD1AA3717562B834A83E19DD8F2F85B6D7768EED92D0549EA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{F17EE22A-4414-4566-99DC-3DDEE5B1FD09}MD5=79E6C5DB4487A8C7477CB1C477B4C59C,SHA256=ED1D7F3062FA591C9F3CB788CDB0C306B4560800DFFCD8FC17048D7F71F1F51D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.880{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{EEAEB6E5-9842-4D94-BD33-07EF39E37DAB}MD5=39F0EB4E99577E2D2A63187C4AC354DA,SHA256=C15BE28D39DF7DC2A0061045010DF5BAAFAB1A958E323033B9F2B319690A9F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ECEB8D24-0962-45A8-BF51-A5E5503F1CBD}MD5=B323A4808B31546562522A691394FC71,SHA256=72847498E5DD085B70DB67C4F39F95FC4D5960D9E5941E0ACF287E5EF0A2478D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.864{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{ECA8CAD8-0533-4BA4-A51A-2D73F0472968}MD5=EF80BCDFD14ACBE3AA742AC4EAAE828D,SHA256=AAC42DB7202050D10E797E7F51874D439865DBC85DCD2714B4905AC00ED7D046,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.864{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\jquery-ui.min.jsMD5=39C800BAD13F22DBFBAC469A608DCDB4,SHA256=8D5D2C7FD4AEB69AE85FC2E283F47D23C43263B83742BA43C822C94AC5A9F8D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E950208E-2E6C-433B-BBC9-CB7B21C7E338}MD5=B0039F09A450CEE7395F44573791A10A,SHA256=9CABCD247C2CB1BB3208DBE8E23D052C678EDCB005FB5411DDBAD0D37CCC930D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\index.htmlMD5=0C1496FD5B9E1EE1454309090F09677E,SHA256=00CE866F57F36CA27A2B44E062832360A2DA88647B70920C4A6F85D68749660B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E67760FD-8283-411F-B7DB-65571AEA72E4}MD5=C6FB605019DA2D7EE3CE64A25B446760,SHA256=3FCF0DF2128ACFD4ED42D39AF57898C704A1850C736C937EA53DD4D740896C79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E55C5A8C-C569-468C-9A51-237542126B7F}MD5=251D2BAF40F17D0614C2DF51A78DF4FE,SHA256=CCDFE1A3A11C7F662869C345BE368B8B8FA334A54453510B5C9C3D698529A846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8409-000000002102}1516ATTACKRANGE\AdministratorC:\Users\Administrator\AppData\Local\Temp\2\InstallUtil.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\images\ajax-loader.gifMD5=2A6692973429D7A74513BFA8BCB5BE20,SHA256=1EB9E7880F723999A4ED63EECE6A6E4D4976833D3C16DC18B4ACE3971728AB0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000061791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-53.attackrange.local-2022-01-20 10:38:40.850{6F5BEE90-3BA5-61E9-8209-000000002102}3968NT AUTHORITY\SYSTEMC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E5416BAD-6C12-4BD3-8B8E-BC84D98EB068}MD5=88EAC9B31A2444A80059C3D8775CE091,SHA256=378EFFB2AFF3F09BD2D2A1B