154100x8000000000000000118123252Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 15:20:02.274{EF490992-D8A2-644F-A078-00000000CD02}1540C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000118122313Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 15:20:01.079{EF490992-D8A1-644F-9D78-00000000CD02}4144C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{EF490992-D8A0-644F-462F-611200000000}0x12612f463SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408{EF490992-D8A0-644F-9B78-00000000CD02}476C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000118122187Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 15:20:00.997{EF490992-D8A0-644F-9C78-00000000CD02}2648C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa17c5855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5{EF490992-D8A0-644F-9B78-00000000CD02}476C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000118122026Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 15:20:00.570{EF490992-D8A0-644F-9B78-00000000CD02}476C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9{EF490992-D8A0-644F-9978-00000000CD02}2224C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000128 0000007c NT AUTHORITY\SYSTEM 154100x8000000000000000104022420Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-01 14:57:31.778{B47600AF-D35B-644F-1691-00000000CC02}2244C:\Windows\System32\wlrmdr.exe10.0.14393.4169 (rs1_release.210107-1130)Windows logon reminderMicrosoft® Windows® Operating SystemMicrosoft CorporationWLRMNDR.EXE-s 60000 -f 1 -t Consider changing your password -m Your password expires today. To change your password, press CTRL+ALT+END and then click "Change a password". -a 0C:\Windows\system32\MSWIN-ADFS\Administrator{B47600AF-1D24-644C-4A65-A00600000000}0x6a0654a2HighMD5=DF9B0FA86DD44537F0764C0B068C32FC,SHA256=E6F559A6A36C042826C9430B2D669A7FA4C3513159DA370B2CC258E13AF37591{B47600AF-1D22-644C-DE3D-00000000CC02}3036C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000118084003Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 14:57:30.039{EF490992-D35A-644F-3278-00000000CD02}2844C:\Windows\System32\wlrmdr.exe10.0.14393.4169 (rs1_release.210107-1130)Windows logon reminderMicrosoft® Windows® Operating SystemMicrosoft CorporationWLRMNDR.EXE-s 60000 -f 1 -t Consider changing your password -m Your password expires today. To change your password, press CTRL+ALT+END and then click "Change a password". -a 0C:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=DF9B0FA86DD44537F0764C0B068C32FC,SHA256=E6F559A6A36C042826C9430B2D669A7FA4C3513159DA370B2CC258E13AF37591{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000104020160Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-01 14:57:01.759{B47600AF-D33D-644F-0D91-00000000CC02}3288C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\MSWIN-ADFS\Administrator{B47600AF-1D24-644C-4A65-A00600000000}0x6a0654a2HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4{B47600AF-1D22-644C-DE3D-00000000CC02}3036C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000118082606Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 14:56:59.975{EF490992-D33B-644F-2E78-00000000CD02}4264C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000104018287Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-01 14:56:59.951{B47600AF-D33B-644F-0A91-00000000CC02}3936C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{B47600AF-D33B-644F-8867-361100000000}0x113667883SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408{B47600AF-D33B-644F-0891-00000000CC02}4632C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000104018200Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-01 14:56:59.808{B47600AF-D33B-644F-0991-00000000CC02}2792C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa22f7855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{B47600AF-4121-6449-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5{B47600AF-D33B-644F-0891-00000000CC02}4632C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000104017891Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-01 14:56:59.388{B47600AF-D33B-644F-0891-00000000CC02}4632C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{B47600AF-4121-6449-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9{B47600AF-D33B-644F-0691-00000000CC02}652C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000fc 000000c0 NT AUTHORITY\SYSTEM 154100x8000000000000000118080235Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 14:56:58.201{EF490992-D33A-644F-2B78-00000000CD02}2508C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{EF490992-D33A-644F-FF95-4F1200000000}0x124f95ff3SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408{EF490992-D339-644F-2978-00000000CD02}3172C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000118080109Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 14:56:58.107{EF490992-D33A-644F-2A78-00000000CD02}4428C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa101a055 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5{EF490992-D339-644F-2978-00000000CD02}3172C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000118079833Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 14:56:57.823{EF490992-D339-644F-2978-00000000CD02}3172C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9{EF490992-D339-644F-2778-00000000CD02}2984C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000f8 0000007c NT AUTHORITY\SYSTEM 154100x8000000000000000111747492Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 19:24:24.151{EF490992-1D68-644C-0535-00000000CD02}3728C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000111746552Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 19:24:22.146{EF490992-1D66-644C-0235-00000000CD02}3512C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{EF490992-1D66-644C-CA0F-BD0700000000}0x7bd0fca3SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408{EF490992-1D65-644C-0035-00000000CD02}4388C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000111746495Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 19:24:22.060{EF490992-1D66-644C-0135-00000000CD02}604C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa2811055 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5{EF490992-1D65-644C-0035-00000000CD02}4388C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000111746351Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 19:24:21.771{EF490992-1D65-644C-0035-00000000CD02}4388C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9{EF490992-1D65-644C-FE34-00000000CD02}4440C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000d8 0000007c NT AUTHORITY\SYSTEM 154100x800000000000000097376292Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-04-28 19:23:48.070{B47600AF-1D44-644C-0D3E-00000000CC02}3536C:\Windows\System32\wlrmdr.exe10.0.14393.4169 (rs1_release.210107-1130)Windows logon reminderMicrosoft® Windows® Operating SystemMicrosoft CorporationWLRMNDR.EXE-s 60000 -f 1 -t Consider changing your password -m Your password expires today. To change your password, press CTRL+ALT+END and then click "Change a password". -a 0C:\Windows\system32\MSWIN-ADFS\Administrator{B47600AF-1D24-644C-4A65-A00600000000}0x6a0654a2HighMD5=DF9B0FA86DD44537F0764C0B068C32FC,SHA256=E6F559A6A36C042826C9430B2D669A7FA4C3513159DA370B2CC258E13AF37591{B47600AF-1D22-644C-DE3D-00000000CC02}3036C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x800000000000000097355789Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-04-28 19:23:18.047{B47600AF-1D26-644C-EE3D-00000000CC02}3760C:\Windows\System32\userinit.exe10.0.14393.0 (rs1_release.160715-1616)Userinit Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationUSERINIT.EXEC:\Windows\system32\userinit.exeC:\Windows\system32\MSWIN-ADFS\Administrator{B47600AF-1D24-644C-4A65-A00600000000}0x6a0654a2HighMD5=C1B1FFC800BE2F31EB2CF8CB40629C69,SHA256=CFC6A18FC8FE7447ECD491345A32F0F10208F114B70A0E9D1CD72F6070D5B36F{B47600AF-1D22-644C-DE3D-00000000CC02}3036C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x800000000000000097351191Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-04-28 19:23:14.869{B47600AF-1D22-644C-E03D-00000000CC02}2424C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-2{B47600AF-1D22-644C-1FE1-9F0600000000}0x69fe11f2SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408{B47600AF-1D22-644C-DE3D-00000000CC02}3036C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x800000000000000097351094Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-04-28 19:23:14.772{B47600AF-1D22-644C-DF3D-00000000CC02}852C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3a78855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{B47600AF-4121-6449-E703-000000000000}0x3e72SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5{B47600AF-1D22-644C-DE3D-00000000CC02}3036C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x800000000000000097350550Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-04-28 19:23:14.371{B47600AF-1D22-644C-DE3D-00000000CC02}3036C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{B47600AF-4121-6449-E703-000000000000}0x3e72SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9{B47600AF-1D22-644C-DC3D-00000000CC02}2112C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000ec 000000c0 NT AUTHORITY\SYSTEM 154100x8000000000000000111439429Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 16:13:13.381{EF490992-F099-644B-B431-00000000CD02}616C:\Windows\System32\wlrmdr.exe10.0.14393.4169 (rs1_release.210107-1130)Windows logon reminderMicrosoft® Windows® Operating SystemMicrosoft CorporationWLRMNDR.EXE-s 60000 -f 1 -t Consider changing your password -m Your password expires today. To change your password, press CTRL+ALT+END and then click "Change a password". -a 0C:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=DF9B0FA86DD44537F0764C0B068C32FC,SHA256=E6F559A6A36C042826C9430B2D669A7FA4C3513159DA370B2CC258E13AF37591{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000111437659Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 16:12:43.350{EF490992-F07B-644B-AB31-00000000CD02}1168C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000111436630Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 16:12:41.282{EF490992-F079-644B-A831-00000000CD02}4184C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{EF490992-F079-644B-2BF0-400700000000}0x740f02b3SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408{EF490992-F078-644B-A631-00000000CD02}4956C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000111436566Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 16:12:41.192{EF490992-F079-644B-A731-00000000CD02}720C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa295d055 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5{EF490992-F078-644B-A631-00000000CD02}4956C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000111436399Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 16:12:40.862{EF490992-F078-644B-A631-00000000CD02}4956C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9{EF490992-F078-644B-A431-00000000CD02}3824C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000cc 0000007c NT AUTHORITY\SYSTEM 154100x8000000000000000110360352Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 04:39:09.640{EF490992-4DED-644B-2326-00000000CD02}5092C:\Windows\System32\wlrmdr.exe10.0.14393.4169 (rs1_release.210107-1130)Windows logon reminderMicrosoft® Windows® Operating SystemMicrosoft CorporationWLRMNDR.EXE-s 60000 -f 1 -t Consider changing your password -m Your password expires today. To change your password, press CTRL+ALT+END and then click "Change a password". -a 0C:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=DF9B0FA86DD44537F0764C0B068C32FC,SHA256=E6F559A6A36C042826C9430B2D669A7FA4C3513159DA370B2CC258E13AF37591{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000110358253Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 04:38:39.579{EF490992-4DCF-644B-1A26-00000000CD02}972C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\MSWIN-SERVER\Administrator{EF490992-5C47-6449-A759-4A0000000000}0x4a59a72HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4{EF490992-5C45-6449-8F02-00000000CD02}3484C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000110355678Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 04:38:32.404{EF490992-4DC8-644B-1726-00000000CD02}3008C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{EF490992-4DC8-644B-D5BC-8B0500000000}0x58bbcd53SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408{EF490992-4DC8-644B-1526-00000000CD02}4140C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000110355451Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 04:38:32.303{EF490992-4DC8-644B-1626-00000000CD02}4420C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa35bb055 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5{EF490992-4DC8-644B-1526-00000000CD02}4140C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x8000000000000000110355232Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-04-28 04:38:32.026{EF490992-4DC8-644B-1526-00000000CD02}4140C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{EF490992-411D-6449-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9{EF490992-4DC7-644B-1326-00000000CD02}4184C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 000000ac 0000007c NT AUTHORITY\SYSTEM 354300x8000000000000000130395112Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-16 14:40:38.844{B47600AF-95E5-6463-131F-00000000CE02}3128C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.16-59141-false82.165.105.236-443- 354300x8000000000000000128021703Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-15 15:26:21.251{B47600AF-4F1A-6462-9C00-00000000CE02}380C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.16-49778-false82.165.105.236-443- 354300x8000000000000000127955727Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-12 13:16:59.731{00000000-0000-0000-0000-000000000000}468<unknown process>-tcptruefalse10.0.1.16-53404-false82.165.105.236-443- 354300x8000000000000000168208113Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-12 12:54:08.946{00000000-0000-0000-0000-000000000000}9180<unknown process>-tcptruefalse10.0.1.17-56397-false82.165.105.236-443- 354300x8000000000000000497642263Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-11 19:51:39.012{DC3C0328-4745-645D-B7EE-00000000D102}14272C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-47285-false82.165.105.236-443- 354300x8000000000000000126393929Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-11 18:43:37.519{B47600AF-3750-645D-98D2-00000000CD02}3668C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.16-53050-false82.165.105.236-443- 354300x8000000000000000126446024Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-11 18:02:28.159{2897A50F-2DB3-645D-70A9-00000000CC02}1056C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14-62562-false82.165.105.236-443- 354300x8000000000000000124417995Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-10 15:52:56.132{2897A50F-BDD7-645B-888F-00000000CC02}2876C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14-52253-false82.165.105.236-443- 354300x80000000000000003347899Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 16:00:53.910{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain57530-false13.107.21.200-443https 354300x80000000000000003318597Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 14:06:05.000{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain57047-false13.107.21.200-443https 354300x80000000000000003318596Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 14:06:04.996{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain57046-false13.107.21.200-443https 354300x80000000000000003318595Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 14:06:04.541{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain57045-false13.107.21.200-443https 354300x80000000000000003310821Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:38:41.604{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56929-false13.107.21.200-443https 354300x80000000000000003310820Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:38:41.603{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56928-false13.107.21.200-443https 354300x80000000000000003310819Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:38:41.602{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56927-false13.107.21.200-443https 354300x80000000000000003310818Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:38:41.602{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56926-false13.107.21.200-443https 354300x80000000000000003310817Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:38:41.601{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56925-false13.107.21.200-443https 354300x80000000000000003310816Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:38:41.600{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56924-false13.107.21.200-443https 354300x80000000000000003310760Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:38:40.189{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56921-false13.107.21.200-443https 354300x80000000000000003308587Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 13:33:24.872{a759a8bc-95e2-645b-9b80-000000000f00}6320C:\Windows\system32\backgroundTaskHost.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56900-false13.107.21.200-443https 354300x80000000000000003262950Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 10:33:33.787{a759a8bc-6bbb-645b-5b7c-000000000f00}1176C:\Windows\system32\backgroundTaskHost.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain56154-false13.107.21.200-443https 354300x8000000000000000486062467Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-10 08:04:01.482{DC3C0328-CF03-6453-1500-00000000D102}740C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-38431-false184.28.81.223-80- 354300x8000000000000000486062465Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-10 08:04:01.393{DC3C0328-CF03-6453-1500-00000000D102}740C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-38429-false184.28.81.223-80- 354300x8000000000000000486062440Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-10 08:04:01.015{DC3C0328-CF11-6453-6600-00000000D102}4524C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\updateservice.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.15-38416-false184.28.81.223-80- 354300x8000000000000000486061666Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-10 08:03:59.619{DC3C0328-CF03-6453-1500-00000000D102}740C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-38402-false184.28.81.223-80- 354300x8000000000000000486061664Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-10 08:03:59.528{DC3C0328-CF03-6453-1500-00000000D102}740C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-38400-false184.28.81.223-80- 354300x8000000000000000486061649Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-10 08:03:58.741{DC3C0328-CF03-6453-1500-00000000D102}740C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-38392-false184.28.81.223-80- 354300x80000000000000003192349Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 04:33:39.502{a759a8bc-175f-645b-6774-000000000f00}6448C:\Windows\system32\backgroundTaskHost.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54755-false13.107.21.200-443https 354300x80000000000000003167427Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 02:12:11.103{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54217-false13.107.21.200-443https 354300x80000000000000003167426Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 02:12:11.103{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54216-false13.107.21.200-443https 354300x80000000000000003167425Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 02:12:11.103{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54215-false13.107.21.200-443https 354300x80000000000000003167424Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 02:12:11.102{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54212-false13.107.21.200-443https 354300x80000000000000003167423Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 02:12:11.102{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54214-false13.107.21.200-443https 354300x80000000000000003167422Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 02:12:11.102{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54213-false13.107.21.200-443https 354300x80000000000000003167374Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 02:12:09.518{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54209-false13.107.21.200-443https 354300x80000000000000003159989Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-07 01:33:38.495{a759a8bc-ed2f-645a-6a70-000000000f00}3356C:\Windows\system32\backgroundTaskHost.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain54063-false13.107.21.200-443https 354300x80000000000000003122127Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 22:33:48.798{a759a8bc-c309-645a-676c-000000000f00}9924C:\Windows\system32\backgroundTaskHost.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain53359-false13.107.21.200-443https 354300x80000000000000003084872Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 19:33:49.659{a759a8bc-ad86-6452-eb03-000000000000}4SystemNT AUTHORITY\SYSTEMudptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain137netbios-nsfalse20.190.151.131-137netbios-ns 354300x80000000000000003084863Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 19:33:48.688{a759a8bc-98d9-645a-3868-000000000f00}8228C:\Windows\system32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52646-false20.190.151.131-443https 354300x80000000000000003077347Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 18:57:53.579{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52476-false13.107.21.200-443https 354300x8000000000000000481362027Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-09 17:30:39.569{00000000-0000-0000-0000-000000000000}14640<unknown process>-tcptruefalse10.0.1.15-45800-false82.165.105.236-443- 354300x80000000000000003061207Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:48:25.863{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52176-false13.107.21.200-443https 354300x80000000000000003057175Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:41:23.552{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52111-false13.107.21.200-443https 354300x80000000000000003056731Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:40:25.377{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52106-false13.107.21.200-443https 354300x80000000000000003056112Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:39:28.427{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52089-false13.107.21.200-443https 354300x80000000000000003056111Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:39:27.872{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52088-false13.107.21.200-443https 354300x80000000000000003056110Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:39:27.855{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52087-false13.107.21.200-443https 354300x80000000000000003055940Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:39:25.320{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52085-false13.107.21.200-443https 354300x80000000000000003050378Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:32:21.602{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52021-false13.107.21.200-443https 354300x80000000000000003049930Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:31:04.547{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52011-false13.107.21.200-443https 354300x80000000000000003049929Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:31:04.349{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain52010-false13.107.21.200-443https 354300x80000000000000003031863Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:23:24.319{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51971-false13.107.21.200-443https 354300x80000000000000003025968Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:22:24.250{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51966-false13.107.21.200-443https 354300x80000000000000003021075Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:21:50.116{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51934-false13.107.21.200-443https 354300x80000000000000003021074Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:21:50.116{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51936-false13.107.21.200-443https 354300x80000000000000003021019Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:21:48.801{a759a8bc-3c92-6459-6144-000000000f00}4020C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51933-false13.107.21.200-443https 354300x80000000000000003017780Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:19:13.215{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51915-false13.107.21.200-443https 354300x80000000000000003017779Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:19:13.213{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51914-false13.107.21.200-443https 354300x80000000000000003017778Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:19:13.213{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51912-false13.107.21.200-443https 354300x80000000000000003017777Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:19:13.213{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51911-false13.107.21.200-443https 354300x80000000000000003017776Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:19:13.213{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51910-false13.107.21.200-443https 354300x80000000000000003017775Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:19:13.213{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51913-false13.107.21.200-443https 354300x80000000000000003017770Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 17:19:12.679{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51908-false13.107.21.200-443https 354300x80000000000000003009253Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 16:33:49.874{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51729-false13.107.21.200-443https 354300x80000000000000002976904Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:33:49.053{a759a8bc-4479-645a-395f-000000000f00}10204C:\Windows\system32\backgroundTaskHost.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51044-false13.107.21.200-443https 354300x80000000000000002974781Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:23:26.233{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51004-false13.107.21.200-443https 354300x80000000000000002974780Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:23:26.233{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51003-false13.107.21.200-443https 354300x80000000000000002974779Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:23:26.230{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51002-false13.107.21.200-443https 354300x80000000000000002974778Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:23:26.218{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain50999-false13.107.21.200-443https 354300x80000000000000002974777Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:23:26.218{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51001-false13.107.21.200-443https 354300x80000000000000002974776Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:23:26.218{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain51000-false13.107.21.200-443https 354300x80000000000000002974755Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 13:23:25.290{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain50997-false13.107.21.200-443https 354300x80000000000000002870117Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 04:33:49.942{a759a8bc-c5e9-6459-2653-000000000f00}9812C:\Windows\system32\backgroundTaskHost.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain65350-false13.107.21.200-443https 354300x80000000000000002833024Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:21:31.259{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64584-false13.107.21.200-443https 354300x80000000000000002831180Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:41.625{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64567-false13.107.21.200-443https 354300x80000000000000002831179Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:41.620{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64566-false13.107.21.200-443https 354300x80000000000000002831175Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:41.618{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64564-false13.107.21.200-443https 354300x80000000000000002831174Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:41.618{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64562-false13.107.21.200-443https 354300x80000000000000002831173Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:41.618{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64565-false13.107.21.200-443https 354300x80000000000000002831172Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:41.618{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64563-false13.107.21.200-443https 354300x80000000000000002831160Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:40.889{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64559-false13.107.21.200-443https 354300x80000000000000002831159Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 01:17:40.889{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64558-false13.107.21.200-443https 354300x80000000000000002822827Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-06 00:33:50.422{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain64392-false13.107.21.200-443https 354300x80000000000000002791809Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:53:27.027{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63764-false13.107.21.200-443https 354300x80000000000000002791808Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:53:27.020{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63763-false13.107.21.200-443https 354300x80000000000000002791807Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:53:27.014{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63762-false13.107.21.200-443https 354300x80000000000000002791806Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:53:26.998{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63761-false13.107.21.200-443https 354300x80000000000000002791712Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:53:25.118{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63759-false13.107.21.200-443https 354300x80000000000000002782232Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:38.477{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63592-false13.107.21.200-443https 354300x80000000000000002782231Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:38.476{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63593-false13.107.21.200-443https 354300x80000000000000002782230Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:38.476{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63594-false13.107.21.200-443https 354300x80000000000000002782229Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:38.475{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63591-false13.107.21.200-443https 354300x80000000000000002782228Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:38.468{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63590-false13.107.21.200-443https 354300x80000000000000002782227Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:38.467{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63589-false13.107.21.200-443https 354300x80000000000000002782038Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:06.989{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63585-false13.107.21.200-443https 354300x80000000000000002782037Microsoft-Windows-Sysmon/OperationalDESKTOP-92OQLA1-2023-05-05 21:22:06.989{a759a8bc-adad-6452-c700-000000000f00}3908C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exeDESKTOP-92OQLA1\Michael Haagtcptruefalse172.16.29.128DESKTOP-92OQLA1.localdomain63584-false13.107.21.200-443https 354300x8000000000000000473190493Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-08 16:13:29.795{00000000-0000-0000-0000-000000000000}15428<unknown process>-tcptruefalse10.0.1.15-15458-false82.165.105.236-443- 354300x8000000000000000120138580Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-08 16:09:28.648{00000000-0000-0000-0000-000000000000}5796<unknown process>-tcptruefalse10.0.1.16-51629-false82.165.105.236-443- 354300x8000000000000000120666206Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-08 15:14:51.831{2897A50F-11EB-6459-645F-00000000CC02}1992C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14-64768-false82.165.105.236-443- 354300x8000000000000000464547678Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-07 13:29:51.897{00000000-0000-0000-0000-000000000000}2500<unknown process>-tcptruefalse10.0.1.15-38988-false82.165.105.236-443- 354300x8000000000000000129676930Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-06 16:39:07.019{00000000-0000-0000-0000-000000000000}2680<unknown process>-tcptruefalse10.0.1.17-51716-false82.165.105.236-443- 354300x8000000000000000116926515Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-06 14:43:39.098{2897A50F-6799-6456-662F-00000000CC02}3448C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14-54567-false82.165.105.236-443- 354300x8000000000000000450975719Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-05 19:32:22.978{DC3C0328-59C4-6455-B327-00000000D102}9624C:\Program Files\Aurora-Agent\aurora-agent-util.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-9207-false82.165.105.236-443- 354300x8000000000000000127875138Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-05 19:06:57.457{00000000-0000-0000-0000-000000000000}6992<unknown process>-tcptruefalse10.0.1.17-51035-false82.165.105.236-443- 354300x8000000000000000113093205Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-05 16:28:23.889{00000000-0000-0000-0000-000000000000}1580<unknown process>-tcptruefalse10.0.1.16-50275-false82.165.105.236-443- 354300x8000000000000000112913588Microsoft-Windows-Sysmon/Operationalmswin-ADFS.attackrange.local-2023-05-05 15:34:20.582{00000000-0000-0000-0000-000000000000}740<unknown process>-tcptruefalse10.0.1.16-50088-false82.165.105.236-443- 354300x8000000000000000122951669Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-03 17:46:03.294{00000000-0000-0000-0000-000000000000}4996<unknown process>-tcptruefalse10.0.1.17-52250-false82.165.105.236-443- 354300x8000000000000000111522780Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-03 15:18:22.659{00000000-0000-0000-0000-000000000000}348<unknown process>-tcptruefalse10.0.1.14-51565-false82.165.105.236-443- 354300x8000000000000000433921651Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-03 13:12:01.062{00000000-0000-0000-0000-000000000000}5844<unknown process>-tcptruefalse10.0.1.15-33850-false82.165.105.236-443- 354300x8000000000000000120448288Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-02 15:41:19.742{00000000-0000-0000-0000-000000000000}2756<unknown process>-tcptruefalse10.0.1.17-51873-false82.165.105.236-443- 354300x8000000000000000109589386Microsoft-Windows-Sysmon/Operationalmswin-dc01.attackrange.local-2023-05-02 14:18:03.767{00000000-0000-0000-0000-000000000000}1492<unknown process>-tcptruefalse10.0.1.14-57782-false82.165.105.236-443- 354300x8000000000000000425005640Microsoft-Windows-Sysmon/Operationalmswin-exch01.attackrange.local-2023-05-02 09:35:22.847{DC3C0328-4121-6449-1400-00000000D002}1052C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15-53723-false20.190.151.131-443- 354300x8000000000000000119243085Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-02 03:03:41.283{EF490992-411E-6449-1600-00000000CD02}1148C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.17-51687-false20.190.151.131-443- 354300x8000000000000000118335426Microsoft-Windows-Sysmon/Operationalmswin-server.attackrange.local-2023-05-01 17:30:39.086{00000000-0000-0000-0000-000000000000}856<unknown process>-tcptruefalse10.0.1.17-51560-false82.165.105.236-443-