22542200x80000000000000001178Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:23.921{C7A9AC19-4510-609D-2000-00000000B901}2484win-dc-960.attackrange.local0fe80::df6:9131:aed7:eda5;fe80::20d8:200d:f5ff:fef1;2001:0:2851:782c:20d8:200d:f5ff:fef1;::ffff:10.0.1.14;C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe 10341000x80000000000000001177Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.489{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001176Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.489{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001175Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.489{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001174Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.489{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001202Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.415{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58755-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001201Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.415{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58755-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001200Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.412{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58754-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001199Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.412{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58754-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001198Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.409{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58753-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001197Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.409{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58753-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001196Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.405{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58752-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001195Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.405{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58752-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001194Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.281{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local59108- 354300x80000000000000001193Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:25.280{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local62251- 354300x80000000000000001192Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.398{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58751-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001191Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.398{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58751-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001190Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.396{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58750-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001189Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.396{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58750-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001188Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.393{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58749-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001187Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.393{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58749-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001186Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.390{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58748-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001185Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:24.390{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58748-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001184Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:23.905{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58747-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000001183Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:23.905{C7A9AC19-4510-609D-2000-00000000B901}2484C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58747-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 10341000x80000000000000001182Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.508{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001181Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.508{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001180Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.508{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001179Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.508{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001214Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.430{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58759-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001213Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.430{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58759-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001212Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.427{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58758-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001211Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.427{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58758-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001210Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.424{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58757-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001209Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.424{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58757-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001208Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.421{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58756-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001207Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:26.421{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58756-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001206Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.526{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001205Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.526{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001204Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.526{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001203Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.526{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001226Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.445{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58763-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001225Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.445{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58763-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001224Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.443{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58762-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001223Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.443{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58762-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001222Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.440{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58761-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001221Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.440{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58761-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001220Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.437{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58760-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001219Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:27.437{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58760-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001218Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.544{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001217Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.544{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001216Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.544{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001215Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.544{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001238Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.461{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58767-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001237Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.461{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58767-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001236Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.458{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58766-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001235Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.458{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58766-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001234Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.455{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58765-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001233Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.455{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58765-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001232Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.452{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58764-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001231Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:28.452{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58764-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001230Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.563{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001229Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.563{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001228Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.563{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001227Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.563{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001316Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.477{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58771-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001315Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.477{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58771-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001314Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.474{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58770-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001313Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.474{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58770-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001312Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.471{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58769-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001311Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.471{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58769-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001310Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.468{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58768-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001309Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.468{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58768-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001308Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.581{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001307Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.581{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001306Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.581{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001305Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.581{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001304Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.503{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001303Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.503{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001302Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.503{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000001301Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.425{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000001300Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.425{C7A9AC19-459E-609D-DD02-00000000B901}4536ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001299Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.284{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001298Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.284{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000001297Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:28:30.268{C7A9AC19-459E-609D-DD02-00000000B901}4536\PSHost.132653933102183827.4536.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001296Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.252{C7A9AC19-459E-609D-DD02-00000000B901}4536ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_on1r4am2.2sx.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001295Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.252{C7A9AC19-459E-609D-DD02-00000000B901}4536ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_q2ynz1lv.kl1.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001294Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.252{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_on1r4am2.2sx.psm12021-05-13 15:28:30.252 11241100x80000000000000001293Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.252{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_q2ynz1lv.kl1.ps12021-05-13 15:28:30.252 734700x80000000000000001292Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.237{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001291Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.237{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001290Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.237{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001289Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.237{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001288Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.237{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001287Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-459E-609D-DB02-00000000B901}46204504C:\Windows\system32\conhost.exe{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001286Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001285Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001284Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001283Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001282Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001281Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001280Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001279Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001278Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001277Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001276Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-459E-609D-DC02-00000000B901}45404528C:\Windows\system32\cmd.exe{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001275Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.218{C7A9AC19-459E-609D-DD02-00000000B901}4536C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-459E-609D-197C-0F0000000000}0xf7c190HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-459E-609D-DC02-00000000B901}4540C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000001274Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-459E-609D-DB02-00000000B901}46204504C:\Windows\system32\conhost.exe{C7A9AC19-459E-609D-DC02-00000000B901}4540C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001273Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001272Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001271Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001270Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001269Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001268Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001267Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001266Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001265Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-459E-609D-DC02-00000000B901}4540C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001264Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001263Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-459E-609D-DA02-00000000B901}46404488C:\Windows\system32\WinrsHost.exe{C7A9AC19-459E-609D-DC02-00000000B901}4540C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000001262Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.213{C7A9AC19-459E-609D-DC02-00000000B901}4540C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-459E-609D-197C-0F0000000000}0xf7c190HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-459E-609D-DA02-00000000B901}4640C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000001261Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001260Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001259Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.205{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001258Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.174{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-459E-609D-DA02-00000000B901}4640C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000001257Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.174{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-459E-609D-DA02-00000000B901}4640C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000001256Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-459E-609D-DB02-00000000B901}4620C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001255Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-459E-609D-DB02-00000000B901}46204504C:\Windows\system32\conhost.exe{C7A9AC19-459E-609D-DA02-00000000B901}4640C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001254Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-459E-609D-DB02-00000000B901}4620C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001253Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001252Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001251Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001250Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001249Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001248Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001247Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001246Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001245Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001244Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-459E-609D-DA02-00000000B901}4640C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001243Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-459E-609D-DA02-00000000B901}4640C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001242Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.158{C7A9AC19-459E-609D-DA02-00000000B901}4640C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-459E-609D-197C-0F0000000000}0xf7c190HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000001241Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.143{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001240Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.143{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001239Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.143{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001320Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.600{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001319Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.600{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001318Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.600{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001317Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.600{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001333Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.618{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001332Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.618{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001331Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.618{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001330Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.618{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001329Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.492{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58775-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001328Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.492{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58775-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001327Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.489{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58774-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001326Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.489{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58774-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001325Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.487{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58773-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001324Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.487{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58773-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001323Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.484{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58772-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001322Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:30.484{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58772-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001321Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:29.988{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49610-false10.0.1.14win-dc-960.attackrange.local5986- 10341000x80000000000000001345Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.636{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001344Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.636{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001343Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.636{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001342Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.636{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001341Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.507{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58779-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001340Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.507{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58779-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001339Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.505{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58778-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001338Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.505{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58778-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001337Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.502{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58777-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001336Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.502{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58777-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001335Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.499{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58776-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001334Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:31.499{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58776-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001361Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.533{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58785-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001360Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.533{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58785-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001359Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.530{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58784-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001358Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.530{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58784-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001357Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.655{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001356Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.655{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001355Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.655{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001354Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.655{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001353Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.523{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58783-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001352Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.523{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58783-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001351Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.521{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58782-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001350Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.521{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58782-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001349Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.518{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58781-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001348Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.518{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58781-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001347Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.515{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58780-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001346Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:32.515{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58780-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001379Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.673{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001378Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.673{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001377Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.673{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001376Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.673{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001375Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.554{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58791-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001374Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.554{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58791-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001373Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.552{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58790-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001372Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.552{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58790-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001371Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.549{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58789-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001370Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.549{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58789-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001369Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.546{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58788-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001368Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.546{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58788-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001367Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.539{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58787-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001366Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.539{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58787-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001365Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.536{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58786-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001364Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:33.536{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58786-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001363Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.078{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001362Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.078{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001399Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.567{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58796-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001398Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.567{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58796-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001397Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.565{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58795-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001396Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.565{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58795-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001395Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.562{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58794-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001394Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.562{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58794-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001393Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.696{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001392Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.696{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001391Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.696{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001390Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.696{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001389Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.974{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local60772- 354300x80000000000000001388Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.972{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58793-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000001387Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.972{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58793-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000001386Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.971{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58054- 354300x80000000000000001385Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.970{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local61062- 354300x80000000000000001384Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.968{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58792-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000001383Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.968{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58792-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 22542200x80000000000000001382Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.987{C7A9AC19-44FE-609D-0B00-00000000B901}632_ldap._tcp.attackrange.local.0type: 33 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000001381Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.986{C7A9AC19-44FE-609D-0B00-00000000B901}632_ldap._tcp.Default-First-Site-Name._sites.attackrange.local.0type: 33 ;10.0.1.14;C:\Windows\System32\lsass.exe 22542200x80000000000000001380Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:34.984{C7A9AC19-4510-609D-2400-00000000B901}2684win-dc-960.attackrange.local0fe80::df6:9131:aed7:eda5;fe80::20d8:200d:f5ff:fef1;2001:0:2851:782c:20d8:200d:f5ff:fef1;::ffff:10.0.1.14;C:\Windows\System32\dns.exe 10341000x80000000000000001405Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.714{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001404Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.714{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001403Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.714{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001402Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.714{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001401Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.570{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58797-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001400Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:35.570{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58797-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001417Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.733{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001416Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.733{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001415Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.733{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001414Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.733{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001413Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.590{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58801-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001412Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.590{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58801-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001411Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.587{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58800-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001410Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.587{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58800-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001409Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.585{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58799-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001408Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.585{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58799-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001407Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.582{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58798-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001406Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:36.582{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58798-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001431Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.613{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58806-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001430Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.613{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58806-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001429Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.751{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001428Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.751{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001427Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.751{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001426Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.751{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001425Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.606{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58805-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001424Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.606{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58805-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001423Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.603{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58804-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001422Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.603{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58804-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001421Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.600{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58803-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001420Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.600{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58803-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001419Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.597{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58802-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001418Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:37.597{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58802-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001439Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.619{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58808-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001438Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.619{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58808-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001437Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.616{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58807-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001436Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.616{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58807-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001435Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.769{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001434Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.769{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001433Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.769{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001432Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.769{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001457Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.787{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001456Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.787{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001455Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.787{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001454Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.787{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001453Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.709{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-458A-609D-BF02-00000000B901}3640C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24cea|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001452Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.709{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-458A-609D-BF02-00000000B901}3640C:\Windows\system32\sppsvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001451Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.637{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58813-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001450Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.637{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58813-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001449Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.634{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58812-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001448Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.634{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58812-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001447Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.632{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58811-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001446Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.632{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58811-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001445Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.629{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58810-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001444Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:39.629{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58810-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001443Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.621{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58809-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001442Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:38.621{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58809-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 11241100x80000000000000001441Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.536{C7A9AC19-458A-609D-BF02-00000000B901}3640C:\Windows\system32\sppsvc.exeC:\Windows\System32\spp\store\2.0\cache\cache.dat2016-09-12 11:33:54.437 23542300x80000000000000001440Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.536{C7A9AC19-458A-609D-BF02-00000000B901}3640NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\sppsvc.exeC:\Windows\System32\spp\store\2.0\cache\cache.datMD5=F1D87D5BF2BD88CAE1DB5048D119C281,SHA256=11D8D2CF1300664EACD1431A88E68720CBBF0D819226F1A01A5A4F37E9F0DF00,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001475Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.663{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58819-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001474Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.663{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58819-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001473Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.660{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58818-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001472Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.660{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58818-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001471Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.846{C7A9AC19-4500-609D-1000-00000000B901}408C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-960.attackrange.local123ntpfalse51.105.208.173-123ntp 354300x80000000000000001470Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.653{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58817-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001469Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.653{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58817-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001468Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.650{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58816-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001467Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.650{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58816-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001466Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.647{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58815-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001465Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.647{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58815-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001464Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.644{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58814-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001463Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.644{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58814-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001462Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:40.285{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local57773- 10341000x80000000000000001461Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.805{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001460Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.805{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001459Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.805{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001458Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.805{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001550Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.550{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local62763- 354300x80000000000000001549Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.669{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58821-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001548Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.669{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58821-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001547Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.666{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58820-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001546Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:41.666{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58820-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001545Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.823{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001544Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.823{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001543Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.823{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001542Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.823{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001541Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.761{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001540Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.761{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001539Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.745{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000001538Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.651{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000001537Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.651{C7A9AC19-45AB-609D-E102-00000000B901}4152ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001536Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.510{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001535Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.510{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000001534Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:28:43.494{C7A9AC19-45AB-609D-E102-00000000B901}4152\PSHost.132653933234470115.4152.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001533Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.494{C7A9AC19-45AB-609D-E102-00000000B901}4152ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_a2o2ipfu.d3d.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001532Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.494{C7A9AC19-45AB-609D-E102-00000000B901}4152ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_xpinotyb.3dy.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001531Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.479{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_a2o2ipfu.d3d.psm12021-05-13 15:28:43.479 11241100x80000000000000001530Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.479{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_xpinotyb.3dy.ps12021-05-13 15:28:43.479 734700x80000000000000001529Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.479{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001528Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.463{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001527Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.463{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001526Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.463{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001525Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.463{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001524Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-45AB-609D-DF02-00000000B901}47965008C:\Windows\system32\conhost.exe{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001523Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001522Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001521Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001520Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001519Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001518Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001517Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001516Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001515Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001514Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001513Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-45AB-609D-E002-00000000B901}50885096C:\Windows\system32\cmd.exe{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001512Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.447{C7A9AC19-45AB-609D-E102-00000000B901}4152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45AB-609D-61B3-0F0000000000}0xfb3610HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-45AB-609D-E002-00000000B901}5088C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000001511Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-45AB-609D-DF02-00000000B901}47965008C:\Windows\system32\conhost.exe{C7A9AC19-45AB-609D-E002-00000000B901}5088C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001510Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001509Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001508Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001507Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001506Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001505Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001504Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001503Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001502Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45AB-609D-E002-00000000B901}5088C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001501Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001500Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-45AB-609D-DE02-00000000B901}49005092C:\Windows\system32\WinrsHost.exe{C7A9AC19-45AB-609D-E002-00000000B901}5088C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000001499Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.441{C7A9AC19-45AB-609D-E002-00000000B901}5088C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45AB-609D-61B3-0F0000000000}0xfb3610HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-45AB-609D-DE02-00000000B901}4900C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000001498Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001497Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001496Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.432{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001495Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.400{C7A9AC19-4500-609D-1300-00000000B901}10361420C:\Windows\system32\svchost.exe{C7A9AC19-45AB-609D-DE02-00000000B901}4900C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000001494Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.400{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45AB-609D-DE02-00000000B901}4900C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000001493Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-45AB-609D-DF02-00000000B901}4796C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001492Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-45AB-609D-DF02-00000000B901}47965008C:\Windows\system32\conhost.exe{C7A9AC19-45AB-609D-DE02-00000000B901}4900C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001491Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45AB-609D-DF02-00000000B901}4796C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001490Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001489Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001488Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001487Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001486Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001485Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001484Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001483Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001482Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001481Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45AB-609D-DE02-00000000B901}4900C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001480Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45AB-609D-DE02-00000000B901}4900C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001479Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.385{C7A9AC19-45AB-609D-DE02-00000000B901}4900C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-45AB-609D-61B3-0F0000000000}0xfb3610HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000001478Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.369{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001477Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.369{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001476Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.369{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001563Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.842{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001562Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.842{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001561Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.842{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001560Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.842{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001559Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.188{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49615-false10.0.1.14win-dc-960.attackrange.local5986- 354300x80000000000000001558Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.684{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58825-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001557Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.684{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58825-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001556Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.681{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58824-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001555Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.681{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58824-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001554Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.678{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58823-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001553Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.678{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58823-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001552Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.676{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58822-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001551Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:42.676{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58822-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001575Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.860{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001574Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.860{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001573Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.860{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001572Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.860{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001571Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.700{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58829-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001570Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.700{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58829-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001569Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.697{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58828-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001568Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.697{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58828-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001567Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.694{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58827-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001566Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.694{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58827-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001565Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.691{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58826-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001564Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:43.691{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58826-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001585Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.878{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001584Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.878{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001583Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.878{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001582Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.878{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001581Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.713{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58832-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001580Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.713{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58832-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001579Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.710{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58831-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001578Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.710{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58831-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001577Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.707{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58830-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001576Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.707{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58830-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001589Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.896{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001588Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.896{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001587Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.896{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001586Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.896{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001604Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.914{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001603Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.914{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001602Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.914{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001601Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.914{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 13241300x80000000000000001600Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-SetValue2021-05-13 15:28:48.867{C7A9AC19-4500-609D-1000-00000000B901}408C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7480c-0xabbacc4c) 354300x80000000000000001599Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.731{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58837-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001598Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.731{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58837-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001597Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.728{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58836-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001596Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.728{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58836-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001595Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.725{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58835-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001594Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.725{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58835-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001593Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.722{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58834-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001592Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:45.722{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58834-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001591Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.715{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58833-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001590Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:44.715{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58833-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001624Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.932{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001623Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.932{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001622Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.932{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001621Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.932{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001620Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.762{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58846-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001619Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.762{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58846-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001618Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.759{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58845-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001617Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.759{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58845-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001616Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.757{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58844-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001615Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.757{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58844-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001614Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.754{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58843-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001613Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:47.754{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58843-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001612Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.746{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58842-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001611Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.746{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58842-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001610Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.744{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58841-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001609Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.744{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58841-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001608Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.741{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58840-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001607Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.741{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58840-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001606Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.738{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58839-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001605Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:46.738{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58839-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001636Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.950{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001635Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.950{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001634Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.950{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001633Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.950{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001632Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.778{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58850-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001631Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.778{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58850-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001630Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.775{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58849-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001629Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.775{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58849-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001628Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.772{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58848-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001627Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.772{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58848-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001626Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.769{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58847-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001625Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:48.769{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58847-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001647Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.967{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001646Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.967{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001645Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.967{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001644Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.967{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001643Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.793{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58854-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001642Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.791{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58853-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001641Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.791{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58853-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001640Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.788{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58852-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001639Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.788{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58852-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001638Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.785{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58851-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001637Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.785{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58851-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001660Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.985{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001659Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.985{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001658Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.985{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001657Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.985{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001656Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.809{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58858-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001655Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.809{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58858-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001654Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.807{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58857-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001653Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.807{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58857-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001652Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.803{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58856-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001651Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.803{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58856-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001650Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.801{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58855-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001649Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:50.801{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58855-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001648Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:49.793{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58854-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001674Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.988{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45B5-609D-E202-00000000B901}1176C:\Windows\system32\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001673Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.988{C7A9AC19-4500-609D-1600-00000000B901}12721948C:\Windows\system32\svchost.exe{C7A9AC19-45B5-609D-E202-00000000B901}1176C:\Windows\system32\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\UBPM.dll+a7a1|c:\windows\system32\UBPM.dll+fa34|c:\windows\system32\UBPM.dll+cdcc|c:\windows\system32\UBPM.dll+d395|c:\windows\system32\UBPM.dll+dc95|c:\windows\system32\UBPM.dll+e9dd|c:\windows\system32\UBPM.dll+e0a4|c:\windows\system32\UBPM.dll+11662|c:\windows\system32\EventAggregation.dll+3fae|c:\windows\system32\EventAggregation.dll+3ea1|c:\windows\system32\EventAggregation.dll+36c9|c:\windows\system32\EventAggregation.dll+332f|c:\windows\system32\EventAggregation.dll+2e28|C:\Windows\SYSTEM32\ntdll.dll+65b55|C:\Windows\SYSTEM32\ntdll.dll+6585d|C:\Windows\SYSTEM32\ntdll.dll+656c0|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001672Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.988{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4500-609D-1600-00000000B901}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001671Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.988{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4500-609D-1600-00000000B901}1272C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000001670Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.393{C7A9AC19-4500-609D-1100-00000000B901}416C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat2021-05-13 15:26:52.910 23542300x80000000000000001669Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.393{C7A9AC19-4500-609D-1100-00000000B901}416NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=BC38C259727A66EC9A8164AF8BDF4170,SHA256=A5B6C6F9ECE4515010090AF89085852846B0C7AC104AEC8C806D4E6A0BF9694F,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001668Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.825{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58862-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001667Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.825{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58862-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001666Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.822{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58861-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001665Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.822{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58861-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001664Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.819{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58860-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001663Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.819{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58860-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001662Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.816{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58859-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001661Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:51.816{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58859-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001685Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.838{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58865-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001684Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.838{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58865-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001683Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.835{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58864-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001682Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.835{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58864-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001681Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.832{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58863-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001680Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.832{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58863-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 11241100x80000000000000001679Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.035{C7A9AC19-45B5-609D-E202-00000000B901}1176C:\Windows\system32\wermgr.exeC:\ProgramData\Microsoft\Windows\WER\Temp\81ed8a48-e75c-48af-878b-8ac096cdf1d22021-05-13 15:28:54.035 10341000x80000000000000001678Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.003{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001677Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.003{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001676Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.003{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001675Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.003{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001699Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.855{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58870-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001698Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.855{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58870-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001697Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.853{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58869-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001696Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.853{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58869-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001695Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.850{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58868-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001694Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.850{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58868-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001693Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.847{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58867-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001692Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:53.847{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58867-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001691Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.840{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58866-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001690Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:52.840{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58866-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001689Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.021{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001688Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.021{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001687Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.021{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001686Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.021{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001775Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.569{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001774Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.569{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001773Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.569{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000001772Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.521{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000001771Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.521{C7A9AC19-45B8-609D-E602-00000000B901}2196ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000001770Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.381{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001769Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.381{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000001768Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:28:56.365{C7A9AC19-45B8-609D-E602-00000000B901}2196\PSHost.132653933363203789.2196.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001767Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.365{C7A9AC19-45B8-609D-E602-00000000B901}2196ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_nroq4z2n.krr.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001766Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.365{C7A9AC19-45B8-609D-E602-00000000B901}2196ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_0f2udlzh.5bt.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001765Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.349{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_nroq4z2n.krr.psm12021-05-13 15:28:56.349 11241100x80000000000000001764Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.349{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_0f2udlzh.5bt.ps12021-05-13 15:28:56.349 734700x80000000000000001763Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.349{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001762Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.334{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001761Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.334{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001760Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.334{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001759Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.334{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001758Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.321{C7A9AC19-45B8-609D-E402-00000000B901}12962492C:\Windows\system32\conhost.exe{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001757Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.321{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001756Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.321{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001755Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.321{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001754Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.321{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001753Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001752Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001751Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001750Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001749Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001748Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001747Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-45B8-609D-E502-00000000B901}35923752C:\Windows\system32\cmd.exe{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001746Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.320{C7A9AC19-45B8-609D-E602-00000000B901}2196C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45B8-609D-67EB-0F0000000000}0xfeb670HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-45B8-609D-E502-00000000B901}3592C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000001745Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-45B8-609D-E402-00000000B901}12962492C:\Windows\system32\conhost.exe{C7A9AC19-45B8-609D-E502-00000000B901}3592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001744Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001743Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001742Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001741Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001740Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001739Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001738Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001737Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001736Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001735Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45B8-609D-E502-00000000B901}3592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001734Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-45B8-609D-E302-00000000B901}41923160C:\Windows\system32\WinrsHost.exe{C7A9AC19-45B8-609D-E502-00000000B901}3592C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000001733Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.314{C7A9AC19-45B8-609D-E502-00000000B901}3592C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45B8-609D-67EB-0F0000000000}0xfeb670HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-45B8-609D-E302-00000000B901}4192C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000001732Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001731Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001730Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.305{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001729Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.290{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-45B8-609D-E302-00000000B901}4192C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000001728Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.274{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45B8-609D-E302-00000000B901}4192C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000001727Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-45B8-609D-E402-00000000B901}1296C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001726Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-45B8-609D-E402-00000000B901}12962492C:\Windows\system32\conhost.exe{C7A9AC19-45B8-609D-E302-00000000B901}4192C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001725Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45B8-609D-E402-00000000B901}1296C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001724Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001723Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001722Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001721Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001720Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001719Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001718Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001717Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001716Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001715Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45B8-609D-E302-00000000B901}4192C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001714Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45B8-609D-E302-00000000B901}4192C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001713Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.260{C7A9AC19-45B8-609D-E302-00000000B901}4192C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-45B8-609D-67EB-0F0000000000}0xfeb670HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000001712Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001711Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.258{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001710Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.869{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58873-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001709Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.868{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58873-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001708Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.866{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58872-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001707Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.866{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58872-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001706Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.863{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58871-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001705Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.863{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58871-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001704Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.243{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001703Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.039{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001702Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.039{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001701Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.039{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001700Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.039{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001790Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.039{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49616-false10.0.1.14win-dc-960.attackrange.local5986- 354300x80000000000000001789Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.887{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58878-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001788Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.887{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58878-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001787Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.884{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58877-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001786Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.884{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58877-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001785Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.881{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58876-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001784Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.881{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58876-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001783Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.878{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58875-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001782Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:55.878{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58875-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001781Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.871{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58874-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001780Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:54.871{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58874-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001779Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.054{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001778Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.054{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001777Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.054{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001776Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.054{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001802Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.900{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58882-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001801Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.900{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58882-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001800Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.072{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001799Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.072{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001798Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.072{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001797Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.072{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001796Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.897{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58881-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001795Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.897{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58881-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001794Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.894{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58880-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001793Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.894{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58880-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001792Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.891{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58879-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001791Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:56.891{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58879-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001814Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.915{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58886-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001813Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.915{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58886-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001812Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.913{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58885-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001811Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.913{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58885-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001810Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.910{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58884-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001809Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.910{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58884-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001808Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.907{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58883-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001807Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:57.907{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58883-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001806Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.090{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001805Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.090{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001804Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.090{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001803Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.090{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001826Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.931{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58890-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001825Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.931{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58890-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001824Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.928{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58889-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001823Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.928{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58889-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001822Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.925{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58888-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001821Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.925{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58888-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001820Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.922{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58887-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001819Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:58.922{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58887-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001818Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.107{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001817Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.107{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001816Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.107{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001815Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.107{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001838Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.947{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58894-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001837Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.947{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58894-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001836Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.944{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58893-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001835Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.944{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58893-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001834Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.941{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58892-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001833Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.941{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58892-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001832Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.938{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58891-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001831Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:28:59.938{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58891-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001830Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.125{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001829Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.125{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001828Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.125{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001827Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.125{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001850Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.962{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58898-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001849Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.962{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58898-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001848Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.959{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58897-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001847Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.959{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58897-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001846Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.957{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58896-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001845Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.957{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58896-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001844Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.954{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58895-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001843Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:00.954{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58895-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001842Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.143{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001841Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.143{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001840Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.143{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001839Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.143{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001862Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.978{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58902-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001861Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.978{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58902-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001860Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.975{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58901-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001859Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.975{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58901-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001858Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.972{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58900-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001857Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.972{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58900-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001856Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.969{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58899-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001855Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:01.969{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58899-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001854Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:03.161{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001853Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:03.161{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001852Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:03.161{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001851Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:03.161{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001874Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.993{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58906-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001873Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.993{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58906-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001872Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.991{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58905-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001871Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.991{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58905-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001870Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.988{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58904-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001869Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.988{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58904-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001868Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.985{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58903-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001867Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:02.985{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58903-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001866Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.178{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001865Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.178{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001864Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.178{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001863Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.178{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001886Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.009{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58910-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001885Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.009{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58910-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001884Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.006{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58909-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001883Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.006{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58909-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001882Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.004{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58908-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001881Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.004{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58908-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001880Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.001{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58907-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001879Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:04.001{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58907-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001878Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.196{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001877Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.196{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001876Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.196{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001875Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.196{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001898Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.026{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58914-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001897Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.026{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58914-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001896Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.022{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58913-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001895Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.022{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58913-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001894Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.019{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58912-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001893Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.019{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58912-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001892Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.016{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58911-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001891Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:05.016{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58911-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001890Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.214{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001889Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.214{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001888Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.214{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001887Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.214{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001910Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.040{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58918-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001909Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.040{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58918-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001908Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.038{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58917-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001907Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.038{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58917-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001906Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.035{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58916-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001905Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.035{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58916-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001904Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.231{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001903Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.231{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001902Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.231{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001901Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.231{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001900Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.032{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58915-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001899Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:06.032{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58915-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001914Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.249{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001913Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.249{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001912Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.249{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001911Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.249{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001994Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.455{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001993Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.455{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001992Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.455{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000001991Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.408{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000001990Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.408{C7A9AC19-45C5-609D-EA02-00000000B901}4516ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000001989Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.063{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58923-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001988Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.063{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58923-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000001987Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.267{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001986Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.267{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001985Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.267{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001984Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.267{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001983Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.267{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001982Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.267{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 17141700x80000000000000001981Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:29:09.251{C7A9AC19-45C5-609D-EA02-00000000B901}4516\PSHost.132653933492028813.4516.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000001980Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.251{C7A9AC19-45C5-609D-EA02-00000000B901}4516ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_nnu1guwx.uo4.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000001979Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.251{C7A9AC19-45C5-609D-EA02-00000000B901}4516ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sccuhmxe.rf2.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000001978Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.235{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_nnu1guwx.uo4.psm12021-05-13 15:29:09.235 11241100x80000000000000001977Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.235{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sccuhmxe.rf2.ps12021-05-13 15:29:09.235 734700x80000000000000001976Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.235{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001975Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.220{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001974Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.220{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001973Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.204{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001972Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.204{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001971Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.204{C7A9AC19-45C5-609D-E802-00000000B901}45924604C:\Windows\system32\conhost.exe{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001970Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001969Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001968Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001967Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001966Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001965Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001964Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001963Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001962Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001961Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001960Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-45C5-609D-E902-00000000B901}45564544C:\Windows\system32\cmd.exe{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001959Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.202{C7A9AC19-45C5-609D-EA02-00000000B901}4516C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45C5-609D-741E-100000000000}0x101e740HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-45C5-609D-E902-00000000B901}4556C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000001958Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-45C5-609D-E802-00000000B901}45924604C:\Windows\system32\conhost.exe{C7A9AC19-45C5-609D-E902-00000000B901}4556C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001957Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001956Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001955Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001954Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001953Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001952Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001951Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001950Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001949Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45C5-609D-E902-00000000B901}4556C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001948Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001947Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-45C5-609D-E702-00000000B901}46604636C:\Windows\system32\WinrsHost.exe{C7A9AC19-45C5-609D-E902-00000000B901}4556C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000001946Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.197{C7A9AC19-45C5-609D-E902-00000000B901}4556C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45C5-609D-741E-100000000000}0x101e740HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-45C5-609D-E702-00000000B901}4660C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000001945Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001944Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001943Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.188{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001942Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.157{C7A9AC19-4500-609D-1300-00000000B901}10361812C:\Windows\system32\svchost.exe{C7A9AC19-45C5-609D-E702-00000000B901}4660C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000001941Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.157{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45C5-609D-E702-00000000B901}4660C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000001940Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.141{C7A9AC19-45C5-609D-E802-00000000B901}4592C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000001939Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.141{C7A9AC19-45C5-609D-E802-00000000B901}45924604C:\Windows\system32\conhost.exe{C7A9AC19-45C5-609D-E702-00000000B901}4660C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001938Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.141{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45C5-609D-E802-00000000B901}4592C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001937Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001936Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001935Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001934Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001933Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001932Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001931Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001930Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001929Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001928Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45C5-609D-E702-00000000B901}4660C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000001927Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45C5-609D-E702-00000000B901}4660C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000001926Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.139{C7A9AC19-45C5-609D-E702-00000000B901}4660C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-45C5-609D-741E-100000000000}0x101e740HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000001925Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001924Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000001923Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.126{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000001922Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.056{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58922-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001921Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.056{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58922-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001920Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.053{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58921-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001919Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.053{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58921-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001918Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.050{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58920-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001917Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.050{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58920-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001916Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.047{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58919-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001915Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:07.047{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58919-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002002Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.284{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002001Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.284{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002000Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.284{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000001999Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.284{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000001998Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.069{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58925-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001997Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.069{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58925-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001996Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.066{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58924-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000001995Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.066{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58924-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002019Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.094{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58931-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002018Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.094{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58931-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002017Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.302{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002016Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.302{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002015Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.302{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002014Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.302{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002013Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.088{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58930-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002012Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.087{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58930-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002011Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.085{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58929-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002010Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.085{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58929-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002009Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.082{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58928-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002008Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.082{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58928-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002007Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.079{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58927-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002006Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:09.079{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58927-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002005Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.881{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49617-false10.0.1.14win-dc-960.attackrange.local5986- 354300x80000000000000002004Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.071{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58926-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002003Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:08.071{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58926-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002027Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002026Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002025Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002024Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002023Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.100{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58933-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002022Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.100{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58933-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002021Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.097{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58932-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002020Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.097{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58932-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002047Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.855{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-44FB-609D-0700-00000000B901}488C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002046Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.855{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-44FB-609D-0700-00000000B901}488C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002045Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.855{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-44FB-609D-0700-00000000B901}488C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002044Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.855{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-44FB-609D-0700-00000000B901}488C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002043Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.855{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-44FB-609D-0700-00000000B901}488C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002042Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.855{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-44FB-609D-0700-00000000B901}488C:\Windows\system32\wininit.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002041Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.336{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002040Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.336{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002039Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.336{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002038Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.336{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002037Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.118{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58938-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002036Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.118{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58938-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002035Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.116{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58937-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002034Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.116{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58937-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002033Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.113{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58936-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002032Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.113{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58936-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002031Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.110{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58935-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002030Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:11.110{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58935-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002029Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.103{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58934-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002028Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:10.103{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58934-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002063Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.143{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58944-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002062Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.143{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58944-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002061Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.140{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58943-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002060Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.140{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58943-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002059Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.356{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002058Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.356{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002057Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.356{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002056Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.356{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002055Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.135{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58942-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002054Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.135{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58942-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002053Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.133{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58941-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002052Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.133{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58941-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002051Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.130{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58940-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002050Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.130{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58940-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002049Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.127{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58939-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002048Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:12.127{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58939-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002075Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.161{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58948-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002074Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.161{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58948-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002073Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.158{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58947-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002072Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.158{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58947-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002071Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.374{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002070Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.374{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002069Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.374{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002068Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.374{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002067Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.148{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58946-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002066Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.148{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58946-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002065Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.146{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58945-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002064Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:13.146{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58945-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002087Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.177{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58952-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002086Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.177{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58952-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002085Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.174{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58951-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002084Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.174{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58951-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002083Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.392{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002082Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.392{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002081Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.392{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002080Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.392{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002079Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.167{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58950-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002078Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.167{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58950-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002077Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.164{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58949-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002076Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:14.164{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58949-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002095Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.410{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002094Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.410{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002093Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.410{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002092Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.410{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002091Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.182{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58954-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002090Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.182{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58954-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002089Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.180{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58953-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002088Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:15.180{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58953-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002107Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.427{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002106Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.427{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002105Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.427{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002104Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.427{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002103Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.199{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58958-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002102Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.199{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58958-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002101Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.196{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58957-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002100Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.196{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58957-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002099Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.194{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58956-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002098Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.194{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58956-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002097Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.191{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58955-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002096Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:16.191{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58955-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002119Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.445{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002118Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.445{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002117Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.445{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002116Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.445{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002115Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.215{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58962-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002114Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.215{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58962-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002113Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.212{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58961-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002112Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.212{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58961-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002111Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.209{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58960-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002110Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.209{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58960-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002109Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.206{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58959-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002108Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:17.206{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58959-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002131Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.462{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002130Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.462{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002129Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.462{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002128Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.462{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002127Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.230{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58966-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002126Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.230{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58966-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002125Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.228{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58965-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002124Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.228{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58965-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002123Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.225{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58964-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002122Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.225{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58964-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002121Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.222{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58963-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002120Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:18.222{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58963-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002204Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.871{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002203Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.871{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000002202Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:29:21.855{C7A9AC19-45D1-609D-EE02-00000000B901}4752\PSHost.132653933618028384.4752.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000002201Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.840{C7A9AC19-45D1-609D-EE02-00000000B901}4752ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_rjmyvtqy.bj3.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000002200Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.840{C7A9AC19-45D1-609D-EE02-00000000B901}4752ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_2lvfef2f.fo0.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000002199Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.840{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_rjmyvtqy.bj3.psm12021-05-13 15:29:21.840 11241100x80000000000000002198Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.840{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_2lvfef2f.fo0.ps12021-05-13 15:29:21.840 734700x80000000000000002197Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.824{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002196Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.824{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002195Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.808{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002194Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.808{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002193Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.808{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002192Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-45D1-609D-EC02-00000000B901}48764260C:\Windows\system32\conhost.exe{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002191Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002190Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002189Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002188Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002187Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002186Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002185Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002184Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002183Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002182Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002181Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-45D1-609D-ED02-00000000B901}41243640C:\Windows\system32\cmd.exe{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002180Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.802{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45D1-609D-4753-100000000000}0x1053470HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-45D1-609D-ED02-00000000B901}4124C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000002179Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-45D1-609D-EC02-00000000B901}48764260C:\Windows\system32\conhost.exe{C7A9AC19-45D1-609D-ED02-00000000B901}4124C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002178Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002177Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002176Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002175Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002174Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002173Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002172Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002171Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002170Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002169Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45D1-609D-ED02-00000000B901}4124C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002168Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-45D1-609D-EB02-00000000B901}48604132C:\Windows\system32\WinrsHost.exe{C7A9AC19-45D1-609D-ED02-00000000B901}4124C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000002167Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.797{C7A9AC19-45D1-609D-ED02-00000000B901}4124C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45D1-609D-4753-100000000000}0x1053470HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-45D1-609D-EB02-00000000B901}4860C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000002166Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002165Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002164Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.793{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002163Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.762{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-45D1-609D-EB02-00000000B901}4860C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000002162Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.762{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45D1-609D-EB02-00000000B901}4860C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000002161Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.746{C7A9AC19-45D1-609D-EC02-00000000B901}4876C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002160Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.746{C7A9AC19-45D1-609D-EC02-00000000B901}48764260C:\Windows\system32\conhost.exe{C7A9AC19-45D1-609D-EB02-00000000B901}4860C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002159Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.746{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45D1-609D-EC02-00000000B901}4876C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002158Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002157Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002156Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002155Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002154Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002153Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002152Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002151Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002150Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002149Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45D1-609D-EB02-00000000B901}4860C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002148Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45D1-609D-EB02-00000000B901}4860C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002147Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.740{C7A9AC19-45D1-609D-EB02-00000000B901}4860C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-45D1-609D-4753-100000000000}0x1053470HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000002146Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002145Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002144Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.730{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002143Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.480{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002142Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.480{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002141Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.480{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002140Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.480{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002139Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.246{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58970-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002138Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.246{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58970-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002137Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.243{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58969-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002136Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.243{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58969-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002135Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.241{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58968-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002134Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.240{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58968-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002133Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.238{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58967-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002132Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:19.238{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58967-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002221Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.497{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002220Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.497{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002219Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.497{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002218Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.497{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002217Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.262{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58974-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002216Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.262{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58974-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002215Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.259{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58973-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002214Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.259{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58973-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002213Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.256{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58972-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002212Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.256{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58972-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002211Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.253{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58971-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002210Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:20.253{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58971-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002209Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.059{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002208Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.059{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002207Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.059{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000002206Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.012{C7A9AC19-45D1-609D-EE02-00000000B901}4752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000002205Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.012{C7A9AC19-45D1-609D-EE02-00000000B901}4752ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000002233Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.515{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002232Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.515{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002231Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.515{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002230Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.515{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002229Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.277{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58978-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002228Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.277{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58978-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002227Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.275{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58977-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002226Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.275{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58977-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002225Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.272{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58976-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002224Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.272{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58976-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002223Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.269{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58975-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002222Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.269{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58975-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002248Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.532{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002247Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.532{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002246Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.532{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002245Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.532{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002244Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.300{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58984-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002243Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.300{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58984-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002242Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.293{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58983-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002241Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.293{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58983-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002240Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.290{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58982-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002239Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.290{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58982-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002238Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.287{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58981-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002237Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.287{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58981-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002236Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.284{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58980-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002235Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:22.284{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58980-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002234Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:21.463{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49620-false10.0.1.14win-dc-960.attackrange.local5986- 10341000x80000000000000002258Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.549{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002257Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.549{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002256Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.549{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002255Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.549{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002254Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.309{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58987-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002253Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.309{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58987-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002252Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.306{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58986-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002251Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.306{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58986-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002250Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.303{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58985-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002249Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.303{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58985-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002270Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.322{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58991-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002269Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.322{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58991-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002268Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.319{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58990-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002267Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.319{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58990-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002266Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.316{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58989-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002265Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.316{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58989-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002264Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.909{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58988-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000002263Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:23.909{C7A9AC19-4510-609D-2000-00000000B901}2484C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local58988-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 10341000x80000000000000002262Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.567{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002261Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.567{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002260Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.567{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002259Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.567{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002292Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.356{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59000-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002291Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.356{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59000-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002290Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.353{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58999-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002289Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.353{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58999-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002288Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.350{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58998-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002287Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.350{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58998-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002286Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.347{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58997-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002285Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:26.347{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58997-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002284Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.341{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58996-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002283Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.341{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58996-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002282Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.338{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58995-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002281Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.338{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local58995-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002280Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.334{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58994-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002279Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.334{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58994-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002278Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.331{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local58993-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002277Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:25.331{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local58993-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002276Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.324{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58992-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002275Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:24.324{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local58992-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002274Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.584{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002273Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.584{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002272Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.584{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002271Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.584{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002304Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.371{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59004-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002303Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.371{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59004-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002302Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.368{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59003-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002301Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.368{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59003-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002300Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.366{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59002-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002299Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.366{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59002-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002298Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.363{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59001-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002297Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:27.363{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59001-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002296Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.602{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002295Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.602{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002294Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.602{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002293Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.602{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002316Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.387{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59008-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002315Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.387{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59008-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002314Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.384{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59007-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002313Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.384{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59007-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002312Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.381{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59006-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002311Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.381{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59006-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002310Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.378{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59005-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002309Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:28.378{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59005-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002308Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.619{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002307Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.619{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002306Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.619{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002305Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.619{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002320Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.636{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002319Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.636{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002318Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.636{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002317Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.636{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002332Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.653{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002331Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.653{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002330Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.653{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002329Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.653{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002328Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.402{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59012-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002327Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.402{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59012-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002326Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.400{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59011-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002325Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.400{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59011-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002324Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.397{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59010-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002323Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.397{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59010-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002322Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.394{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59009-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002321Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:29.394{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59009-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002346Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.425{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59017-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002345Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.425{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59017-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002344Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.671{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002343Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.671{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002342Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.671{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002341Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.671{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002340Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.418{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59016-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002339Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.418{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59016-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002338Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.415{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59015-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002337Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.415{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59015-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002336Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.412{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59014-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002335Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.412{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59014-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002334Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.409{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59013-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002333Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:30.409{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59013-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002359Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.441{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59021-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002358Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.441{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59021-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002357Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.688{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002356Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.688{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002355Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.688{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002354Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.688{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002353Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.140{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002352Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.433{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59020-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002351Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.433{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59020-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002350Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.431{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59019-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002349Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.431{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59019-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002348Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.428{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59018-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002347Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:31.428{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59018-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002440Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.459{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59029-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002439Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.456{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59028-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002438Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.456{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59028-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002437Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.705{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002436Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.705{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002435Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.705{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002434Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.705{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002433Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.596{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002432Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.596{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002431Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.580{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000002430Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.533{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000002429Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.533{C7A9AC19-45DE-609D-F202-00000000B901}1284ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000002428Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.408{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002427Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.408{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000002426Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:29:34.377{C7A9AC19-45DE-609D-F202-00000000B901}1284\PSHost.132653933743325388.1284.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000002425Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.377{C7A9AC19-45DE-609D-F202-00000000B901}1284ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_gk2a4zr0.aca.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000002424Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.377{C7A9AC19-45DE-609D-F202-00000000B901}1284ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_hqj4n2i3.fx2.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000002423Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.361{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_gk2a4zr0.aca.psm12021-05-13 15:29:34.361 11241100x80000000000000002422Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.361{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_hqj4n2i3.fx2.ps12021-05-13 15:29:34.361 734700x80000000000000002421Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.361{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002420Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.345{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002419Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.345{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002418Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.345{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002417Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.345{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002416Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-45DE-609D-F002-00000000B901}50764952C:\Windows\system32\conhost.exe{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002415Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002414Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002413Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002412Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002411Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002410Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002409Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002408Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002407Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002406Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002405Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.330{C7A9AC19-45DE-609D-F102-00000000B901}24044684C:\Windows\system32\cmd.exe{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002404Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.332{C7A9AC19-45DE-609D-F202-00000000B901}1284C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45DE-609D-8886-100000000000}0x1086880HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-45DE-609D-F102-00000000B901}2404C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000002403Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-45DE-609D-F002-00000000B901}50764952C:\Windows\system32\conhost.exe{C7A9AC19-45DE-609D-F102-00000000B901}2404C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002402Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002401Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002400Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002399Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002398Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002397Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002396Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002395Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002394Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45DE-609D-F102-00000000B901}2404C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002393Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002392Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-45DE-609D-EF02-00000000B901}36963300C:\Windows\system32\WinrsHost.exe{C7A9AC19-45DE-609D-F102-00000000B901}2404C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000002391Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.326{C7A9AC19-45DE-609D-F102-00000000B901}2404C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45DE-609D-8886-100000000000}0x1086880HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-45DE-609D-EF02-00000000B901}3696C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000002390Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002389Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002388Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.314{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002387Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.298{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-45DE-609D-EF02-00000000B901}3696C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000002386Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.283{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45DE-609D-EF02-00000000B901}3696C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000002385Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.283{C7A9AC19-45DE-609D-F002-00000000B901}5076C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002384Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.283{C7A9AC19-45DE-609D-F002-00000000B901}50764952C:\Windows\system32\conhost.exe{C7A9AC19-45DE-609D-EF02-00000000B901}3696C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002383Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45DE-609D-F002-00000000B901}5076C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002382Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002381Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002380Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002379Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002378Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002377Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002376Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002375Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002374Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002373Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45DE-609D-EF02-00000000B901}3696C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002372Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45DE-609D-EF02-00000000B901}3696C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002371Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.273{C7A9AC19-45DE-609D-EF02-00000000B901}3696C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-45DE-609D-8886-100000000000}0x1086880HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000002370Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002369Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002368Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.267{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000002367Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.913{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59025-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local389ldap 354300x80000000000000002366Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.913{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59025-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local389ldap 354300x80000000000000002365Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.449{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59024-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002364Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.449{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59024-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002363Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.446{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59023-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002362Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.446{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59023-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002361Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.444{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59022-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002360Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:32.444{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59022-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002456Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.478{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59034-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002455Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.478{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59034-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002454Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.475{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59033-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002453Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.475{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59033-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002452Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.472{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59032-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002451Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.472{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59032-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002450Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.722{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002449Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.722{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002448Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.722{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002447Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.722{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002446Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.959{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49623-false10.0.1.14win-dc-960.attackrange.local5986- 354300x80000000000000002445Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.465{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59031-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002444Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.465{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59031-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002443Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.463{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59030-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002442Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.463{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59030-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002441Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:33.459{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59029-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002468Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.493{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59038-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002467Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.493{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59038-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002466Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.490{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59037-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002465Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.490{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59037-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002464Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.488{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59036-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002463Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.488{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59036-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002462Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002461Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002460Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002459Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002458Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.480{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59035-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002457Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:34.480{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59035-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002476Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.510{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59040-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002475Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.510{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59040-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002474Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002473Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002472Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002471Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002470Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.496{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59039-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002469Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:35.496{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59039-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002488Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.526{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59044-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002487Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.526{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59044-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002486Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.781{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002485Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.781{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002484Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.781{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002483Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.781{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002482Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.518{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59043-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002481Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.518{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59043-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002480Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.516{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59042-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002479Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.516{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59042-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002478Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.513{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59041-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002477Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:36.513{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59041-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002504Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.547{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59050-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002503Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.547{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59050-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002502Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.545{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59049-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002501Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.545{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59049-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002500Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.542{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59048-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002499Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.542{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59048-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002498Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.799{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002497Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.799{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002496Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.799{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002495Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.799{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002494Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.538{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59047-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002493Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.538{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59047-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002492Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.535{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59046-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002491Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.535{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59046-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002490Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.529{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59045-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002489Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:37.529{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59045-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002510Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.816{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002509Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.816{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002508Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.816{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002507Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.816{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002506Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.550{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59051-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002505Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:38.550{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59051-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002522Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.833{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002521Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.833{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002520Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.833{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002519Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.833{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002518Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.566{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59055-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002517Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.566{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59055-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002516Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.563{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59054-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002515Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.563{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59054-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002514Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.560{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59053-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002513Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.560{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59053-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002512Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.557{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59052-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002511Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:39.557{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59052-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002534Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.850{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002533Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.850{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002532Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.850{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002531Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.850{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002530Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.581{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59059-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002529Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.581{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59059-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002528Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.578{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59058-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002527Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.578{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59058-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002526Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.576{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59057-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002525Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.576{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59057-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002524Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.573{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59056-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002523Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:40.573{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59056-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002546Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.867{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002545Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.867{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002544Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.867{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002543Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.867{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002542Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.597{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59063-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002541Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.597{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59063-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002540Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.594{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59062-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002539Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.594{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59062-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002538Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.591{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59061-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002537Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.591{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59061-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002536Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.588{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59060-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002535Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:41.588{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59060-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002558Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.884{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002557Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.884{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002556Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.884{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002555Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.884{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002554Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.612{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59067-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002553Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.612{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59067-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002552Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.610{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59066-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002551Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.610{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59066-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002550Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.607{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59065-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002549Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.607{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59065-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002548Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.604{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59064-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002547Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:42.604{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59064-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002579Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.902{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002578Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.902{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002577Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.902{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002576Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.902{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002575Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.644{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59076-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002574Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.644{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59076-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002573Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.641{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59075-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002572Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.641{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59075-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002571Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.638{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59074-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002570Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.638{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59074-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002569Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.635{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59073-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002568Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.635{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59073-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002567Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:44.150{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59072-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x80000000000000002566Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.629{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59071-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002565Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.629{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59071-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002564Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.626{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59070-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002563Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.626{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59070-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002562Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.623{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59069-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002561Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.623{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59069-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002560Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.620{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59068-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002559Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:43.620{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59068-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002650Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.657{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59079-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002649Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.657{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59079-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002648Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.654{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59078-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002647Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.654{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59078-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002646Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.651{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59077-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002645Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.651{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59077-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002644Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.919{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002643Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.919{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002642Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.919{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002641Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.919{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002640Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.887{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002639Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.887{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000002638Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:29:46.872{C7A9AC19-45EA-609D-F602-00000000B901}4512\PSHost.132653933868185846.4512.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000002637Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.856{C7A9AC19-45EA-609D-F602-00000000B901}4512ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_lbbyiws3.nhc.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000002636Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.856{C7A9AC19-45EA-609D-F602-00000000B901}4512ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_me4g2y5r.ue4.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000002635Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.856{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_lbbyiws3.nhc.psm12021-05-13 15:29:46.856 11241100x80000000000000002634Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.856{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_me4g2y5r.ue4.ps12021-05-13 15:29:46.856 734700x80000000000000002633Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.840{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002632Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.840{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002631Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.825{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002630Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.825{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002629Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.825{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002628Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-45EA-609D-F402-00000000B901}44044436C:\Windows\system32\conhost.exe{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002627Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002626Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002625Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002624Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002623Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002622Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002621Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002620Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002619Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002618Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002617Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-45EA-609D-F502-00000000B901}45644648C:\Windows\system32\cmd.exe{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002616Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.818{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45EA-609D-B0B9-100000000000}0x10b9b00HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-45EA-609D-F502-00000000B901}4564C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000002615Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-45EA-609D-F402-00000000B901}44044436C:\Windows\system32\conhost.exe{C7A9AC19-45EA-609D-F502-00000000B901}4564C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002614Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002613Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002612Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002611Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002610Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002609Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002608Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002607Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002606Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45EA-609D-F502-00000000B901}4564C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002605Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002604Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-45EA-609D-F302-00000000B901}44241016C:\Windows\system32\WinrsHost.exe{C7A9AC19-45EA-609D-F502-00000000B901}4564C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000002603Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.813{C7A9AC19-45EA-609D-F502-00000000B901}4564C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45EA-609D-B0B9-100000000000}0x10b9b00HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-45EA-609D-F302-00000000B901}4424C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000002602Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002601Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.809{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002600Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.793{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002599Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.778{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-45EA-609D-F302-00000000B901}4424C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000002598Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.778{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45EA-609D-F302-00000000B901}4424C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000002597Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.762{C7A9AC19-45EA-609D-F402-00000000B901}4404C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002596Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.762{C7A9AC19-45EA-609D-F402-00000000B901}44044436C:\Windows\system32\conhost.exe{C7A9AC19-45EA-609D-F302-00000000B901}4424C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002595Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.762{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45EA-609D-F402-00000000B901}4404C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002594Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002593Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002592Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002591Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002590Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002589Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002588Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002587Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002586Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002585Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-45EA-609D-F302-00000000B901}4424C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002584Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45EA-609D-F302-00000000B901}4424C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002583Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.757{C7A9AC19-45EA-609D-F302-00000000B901}4424C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-45EA-609D-B0B9-100000000000}0x10b9b00HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000002582Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002581Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002580Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.746{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000002661Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.660{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59080-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002660Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:45.660{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59080-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002659Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.936{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002658Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.936{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002657Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.936{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002656Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.936{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002655Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.075{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002654Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.075{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002653Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.075{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000002652Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.028{C7A9AC19-45EA-609D-F602-00000000B901}4512C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000002651Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.028{C7A9AC19-45EA-609D-F602-00000000B901}4512ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000002665Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.953{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002664Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.953{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002663Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.953{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002662Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.953{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002684Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.970{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002683Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.970{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002682Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.970{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002681Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.970{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002680Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.688{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59087-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002679Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.688{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59087-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002678Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.685{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59086-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002677Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.685{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59086-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002676Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.682{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59085-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002675Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.682{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59085-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002674Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.675{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59084-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002673Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.675{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59084-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002672Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.672{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59083-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002671Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.672{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59083-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002670Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.669{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59082-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002669Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.669{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59082-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002668Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.666{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59081-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002667Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.666{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59081-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002666Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:46.440{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49627-false10.0.1.14win-dc-960.attackrange.local5986- 10341000x80000000000000002694Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.987{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002693Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.987{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002692Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.987{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002691Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.987{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002690Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.701{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59090-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002689Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.701{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59090-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002688Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.698{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59089-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002687Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.698{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59089-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002686Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.690{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59088-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002685Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:47.690{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59088-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002704Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.719{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59095-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002703Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.719{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59095-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002702Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.716{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59094-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002701Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.716{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59094-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002700Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.713{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59093-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002699Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.713{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59093-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002698Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.706{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59092-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002697Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.706{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59092-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002696Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.704{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59091-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002695Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:48.704{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59091-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002719Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.737{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59100-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002718Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.737{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59100-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 13241300x80000000000000002717Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-SetValue2021-05-13 15:29:52.880{C7A9AC19-4500-609D-1000-00000000B901}408C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7480c-0xd1e27d19) 354300x80000000000000002716Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.735{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59099-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002715Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.735{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59099-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002714Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.732{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59098-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002713Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.732{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59098-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002712Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.729{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59097-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002711Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:50.729{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59097-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002710Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.722{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59096-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002709Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:49.722{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59096-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002708Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.004{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002707Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.004{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002706Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.004{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002705Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.004{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 11241100x80000000000000002746Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.662{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\wbem\Performance\WmiApRpl_new.h2021-05-13 15:29:53.662 10341000x80000000000000002745Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002744Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4582-609D-A502-00000000B901}32922044C:\Windows\sysmon64.exe{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ntdll.dll+6cd0a|C:\Windows\System32\KERNEL32.DLL+1cff8|C:\Windows\System32\KERNEL32.DLL+25a87|C:\Windows\sysmon64.exe+14ced|C:\Windows\sysmon64.exe+15adb|C:\Windows\sysmon64.exe+16c29|C:\Windows\sysmon64.exe+1938c|C:\Windows\sysmon64.exe+11484|C:\Windows\sysmon64.exe+b0591|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002743Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002742Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 25542500x80000000000000002741Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEImage is locked for access 10341000x80000000000000002740Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002739Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002738Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002737Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002736Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002735Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002734Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002733Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002732Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.631{C7A9AC19-4500-609D-1600-00000000B901}12721328C:\Windows\system32\svchost.exe{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|c:\windows\system32\wbem\wmisvc.dll+2624|c:\windows\system32\wbem\wmisvc.dll+2491|C:\Windows\SYSTEM32\ntdll.dll+7de1d|C:\Windows\SYSTEM32\ntdll.dll+3a969|C:\Windows\SYSTEM32\ntdll.dll+1e86f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000002731Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.506{C7A9AC19-4500-609D-1100-00000000B901}416C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat2021-05-13 15:25:52.827 23542300x80000000000000002730Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.506{C7A9AC19-4500-609D-1100-00000000B901}416NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=412DB0740A6FEECED657CC5A79E45343,SHA256=8CFC5A6E9A0A0C86E88ADBA292E99637BA9C28EEF890825E9EB949E4EB639F2C,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000002729Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.751{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59103-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002728Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.751{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59103-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002727Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.748{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59102-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002726Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.748{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59102-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002725Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.745{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59101-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002724Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.745{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59101-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002723Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.037{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002722Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.021{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002721Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.021{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002720Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.021{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002756Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.768{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59106-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002755Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.768{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59106-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002754Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.761{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59105-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002753Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.761{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59105-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002752Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.754{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59104-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002751Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:51.754{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59104-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002750Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.054{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002749Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.054{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002748Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.054{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002747Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.054{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002768Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.795{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59110-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002767Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.795{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59110-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002766Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.791{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59109-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002765Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.791{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59109-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002764Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.774{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59108-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002763Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.774{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59108-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002762Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.771{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59107-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002761Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:52.771{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59107-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002760Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.070{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002759Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.070{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002758Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.070{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002757Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.070{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 11241100x80000000000000002780Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.336{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\wbem\Performance\WmiApRpl_new.ini2021-05-13 15:29:56.336 23542300x80000000000000002779Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.336{C7A9AC19-45F1-609D-F702-00000000B901}4844NT AUTHORITY\SYSTEM\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\wbem\Performance\WmiApRpl.hMD5=B133A676D139032A27DE3D9619E70091,SHA256=AE2B6236D3EEB4822835714AE9444E5DCD21BC60F7A909F2962C43BC743C7B15,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000002778Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.807{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59113-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002777Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.807{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59113-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002776Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.086{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002775Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.086{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002774Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.086{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002773Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.086{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002772Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.800{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59112-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002771Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.800{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59112-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002770Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.797{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59111-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002769Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:53.797{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59111-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002790Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.816{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59116-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002789Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.816{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59116-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002788Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.813{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59115-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002787Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.813{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59115-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002786Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.810{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59114-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002785Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:54.810{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59114-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002784Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.101{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002783Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.101{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002782Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.101{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002781Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.101{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002807Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.839{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59123-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002806Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.839{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59123-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002805Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.836{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59122-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002804Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.836{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59122-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002803Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.568{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59121-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x80000000000000002802Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.831{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59120-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002801Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.831{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59120-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002800Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.829{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59119-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002799Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.829{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59119-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002798Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.826{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59118-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002797Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.826{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59118-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002796Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.823{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59117-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002795Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:55.823{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59117-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002794Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.117{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002793Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.117{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002792Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.117{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002791Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.117{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002889Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.963{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002888Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.963{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002887Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.963{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000002886Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.915{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000002885Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.915{C7A9AC19-45F7-609D-FB02-00000000B901}2152ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000002884Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.790{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002883Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.790{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000002882Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:29:59.775{C7A9AC19-45F7-609D-FB02-00000000B901}2152\PSHost.132653933997185683.2152.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000002881Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.759{C7A9AC19-45F7-609D-FB02-00000000B901}2152ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_1kx3p1z2.tdx.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000002880Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.759{C7A9AC19-45F7-609D-FB02-00000000B901}2152ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_ysdw0ymy.52n.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000002879Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.743{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_1kx3p1z2.tdx.psm12021-05-13 15:29:59.743 11241100x80000000000000002878Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.743{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_ysdw0ymy.52n.ps12021-05-13 15:29:59.743 734700x80000000000000002877Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.743{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002876Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.743{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002875Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.728{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002874Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.728{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002873Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.728{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002872Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-45F7-609D-F902-00000000B901}6365048C:\Windows\system32\conhost.exe{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002871Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002870Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002869Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002868Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002867Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002866Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002865Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002864Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002863Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002862Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002861Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-45F7-609D-FA02-00000000B901}30281300C:\Windows\system32\cmd.exe{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002860Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.718{C7A9AC19-45F7-609D-FB02-00000000B901}2152C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45F7-609D-9AF4-100000000000}0x10f49a0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-45F7-609D-FA02-00000000B901}3028C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000002859Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-45F7-609D-F902-00000000B901}6365048C:\Windows\system32\conhost.exe{C7A9AC19-45F7-609D-FA02-00000000B901}3028C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002858Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002857Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002856Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002855Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002854Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002853Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002852Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002851Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002850Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45F7-609D-FA02-00000000B901}3028C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002849Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002848Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-45F7-609D-F802-00000000B901}37764852C:\Windows\system32\WinrsHost.exe{C7A9AC19-45F7-609D-FA02-00000000B901}3028C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000002847Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.712{C7A9AC19-45F7-609D-FA02-00000000B901}3028C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-45F7-609D-9AF4-100000000000}0x10f49a0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-45F7-609D-F802-00000000B901}3776C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000002846Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.696{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002845Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.696{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002844Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.696{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002843Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.681{C7A9AC19-4500-609D-1300-00000000B901}10361420C:\Windows\system32\svchost.exe{C7A9AC19-45F7-609D-F802-00000000B901}3776C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000002842Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.681{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-45F7-609D-F802-00000000B901}3776C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000002841Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.665{C7A9AC19-45F7-609D-F902-00000000B901}636C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000002840Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.665{C7A9AC19-45F7-609D-F902-00000000B901}6365048C:\Windows\system32\conhost.exe{C7A9AC19-45F7-609D-F802-00000000B901}3776C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002839Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-45F7-609D-F902-00000000B901}636C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002838Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002837Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002836Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002835Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002834Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002833Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002832Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002831Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002830Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002829Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-45F7-609D-F802-00000000B901}3776C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000002828Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-45F7-609D-F802-00000000B901}3776C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000002827Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.657{C7A9AC19-45F7-609D-F802-00000000B901}3776C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-45F7-609D-9AF4-100000000000}0x10f49a0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000002826Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002825Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000002824Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.650{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000002823Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.861{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59129-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002822Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.861{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59129-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002821Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.858{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59128-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002820Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.858{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59128-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002819Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.855{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59127-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002818Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.855{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59127-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002817Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.852{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59126-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002816Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:57.852{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59126-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002815Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.845{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59125-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002814Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.845{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59125-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002813Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.842{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59124-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002812Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:56.842{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59124-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002811Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.134{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002810Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.134{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002809Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.134{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002808Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.134{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002901Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.876{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59133-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002900Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.876{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59133-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002899Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.874{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59132-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002898Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.874{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59132-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002897Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.871{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59131-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002896Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.871{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59131-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002895Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.868{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59130-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002894Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:58.868{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59130-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002893Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.150{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002892Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.150{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002891Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.150{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002890Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.150{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002914Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.892{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59137-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002913Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.892{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59137-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002912Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.889{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59136-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002911Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.889{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59136-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002910Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.886{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59135-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002909Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.886{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59135-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002908Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.883{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59134-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002907Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.883{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59134-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002906Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:29:59.322{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49628-false10.0.1.14win-dc-960.attackrange.local5986- 10341000x80000000000000002905Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.166{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002904Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.166{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002903Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.166{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002902Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.166{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002926Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.907{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59141-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002925Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.907{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59141-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002924Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.904{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59140-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002923Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.904{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59140-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002922Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.902{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59139-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002921Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.902{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59139-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002920Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.899{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59138-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002919Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:00.899{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59138-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002918Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.183{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002917Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.183{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002916Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.183{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002915Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.183{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002938Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.923{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59145-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002937Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.923{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59145-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002936Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.920{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59144-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002935Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.920{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59144-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002934Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.917{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59143-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002933Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.917{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59143-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002932Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.914{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59142-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002931Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:01.914{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59142-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002930Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.199{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002929Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.199{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002928Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.199{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002927Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.199{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002950Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.939{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59149-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002949Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.939{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59149-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002948Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.936{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59148-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002947Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.936{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59148-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002946Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.933{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59147-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002945Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.933{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59147-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002944Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.930{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59146-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002943Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:02.930{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59146-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002942Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.215{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002941Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.215{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002940Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.215{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002939Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.215{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000002962Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.954{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59153-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002961Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.954{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59153-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002960Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.951{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59152-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002959Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.951{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59152-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002958Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.949{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59151-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002957Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.949{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59151-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002956Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.946{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59150-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000002955Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:03.946{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59150-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000002954Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.232{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002953Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.232{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002952Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.232{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002951Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.232{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003007Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.967{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59156-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003006Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.967{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59156-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003005Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.964{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59155-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003004Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.964{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59155-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003003Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.961{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59154-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003002Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.961{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59154-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 12241200x80000000000000003001Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating 13241300x80000000000000003000Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List26132 26138 26148 26158 26178 26222 26232 26270 26276 26292 13241300x80000000000000002999Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First HelpDWORD (0x00006615) 13241300x80000000000000002998Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First CounterDWORD (0x00006614) 13241300x80000000000000002997Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last HelpDWORD (0x000066bb) 13241300x80000000000000002996Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last CounterDWORD (0x000066ba) 13241300x80000000000000002995Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x000066bb) 13241300x80000000000000002994Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x000066ba) 11241100x80000000000000002993Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\perfh009.dat2016-07-16 13:25:09.351 11241100x80000000000000002992Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\perfc009.dat2016-07-16 13:25:09.351 23542300x80000000000000002991Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.264{C7A9AC19-45F1-609D-F702-00000000B901}4844NT AUTHORITY\SYSTEM\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\PerfStringBackup.TMPMD5=3FD1F013EF405825CE8D044B17072D09,SHA256=C4DD725447CC298558386AF9FA09BD754CD586ECB4DF7EE5BBB8A3EBE705AC5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000002990Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.248{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002989Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.248{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002988Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.248{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000002987Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.248{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 11241100x80000000000000002986Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.233{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\PerfStringBackup.INI2016-10-18 02:05:07.519 23542300x80000000000000002985Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.233{C7A9AC19-45F1-609D-F702-00000000B901}4844NT AUTHORITY\SYSTEM\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\PerfStringBackup.INIMD5=3FD1F013EF405825CE8D044B17072D09,SHA256=C4DD725447CC298558386AF9FA09BD754CD586ECB4DF7EE5BBB8A3EBE705AC5D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000002984Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\PerfStringBackup.TMP2021-05-13 15:30:06.154 13241300x80000000000000002983Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRpl 13241300x80000000000000002982Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\PerfIniFileWmiApRpl.ini 11241100x80000000000000002981Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\INF\WmiApRpl\00092021-05-13 15:30:06.154 11241100x80000000000000002980Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\INF\WmiApRpl\WmiApRpl.ini2021-05-13 15:30:06.154 11241100x80000000000000002979Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\INF\WmiApRpl\WmiApRpl.h2021-05-13 15:30:06.154 11241100x80000000000000002978Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\INF\WmiApRpl2021-05-13 15:30:06.154 23542300x80000000000000002977Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844NT AUTHORITY\SYSTEM\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\INF\WmiApRpl\WmiApRpl.iniMD5=FFDEEA82BA4A5A65585103DD2A922DFE,SHA256=C20B11DFF802AA472265F4E9F330244EC4ACA81B0009F6EFCB2CF8A36086F390,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000002976Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844NT AUTHORITY\SYSTEM\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\INF\WmiApRpl\WmiApRpl.hMD5=B133A676D139032A27DE3D9619E70091,SHA256=AE2B6236D3EEB4822835714AE9444E5DCD21BC60F7A909F2962C43BC743C7B15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000002975Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844NT AUTHORITY\SYSTEM\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\INF\WmiApRpl\0009\WmiApRpl.iniMD5=FFDEEA82BA4A5A65585103DD2A922DFE,SHA256=C20B11DFF802AA472265F4E9F330244EC4ACA81B0009F6EFCB2CF8A36086F390,IMPHASH=00000000000000000000000000000000falsetrue 12241200x80000000000000002974Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating 12241200x80000000000000002973Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List 12241200x80000000000000002972Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last Help 12241200x80000000000000002971Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First Help 12241200x80000000000000002970Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last Counter 12241200x80000000000000002969Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First Counter 13241300x80000000000000002968Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x00006613) 13241300x80000000000000002967Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.154{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x00006612) 11241100x80000000000000002966Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.139{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\perfh009.dat2016-07-16 13:25:09.351 11241100x80000000000000002965Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.139{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\perfc009.dat2016-07-16 13:25:09.351 13241300x80000000000000002964Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:06.139{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRpl 23542300x80000000000000002963Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.139{C7A9AC19-45F1-609D-F702-00000000B901}4844NT AUTHORITY\SYSTEM\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\wbem\Performance\WmiApRpl.iniMD5=FFDEEA82BA4A5A65585103DD2A922DFE,SHA256=C20B11DFF802AA472265F4E9F330244EC4ACA81B0009F6EFCB2CF8A36086F390,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000003021Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.985{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59161-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003020Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.985{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59161-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003019Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.982{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59160-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003018Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.982{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59160-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003017Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.980{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59159-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003016Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.980{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59159-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003015Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.977{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59158-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003014Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:05.977{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59158-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003013Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.970{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59157-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003012Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:04.970{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59157-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003011Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:07.265{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003010Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:07.265{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003009Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:07.265{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003008Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:07.265{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003046Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:07.001{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59165-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003045Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:07.001{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59165-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003044Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.998{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59164-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003043Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.998{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59164-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003042Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.996{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59163-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003041Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.996{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59163-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003040Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.993{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59162-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003039Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:06.992{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59162-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 13241300x80000000000000003038Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshedDWORD (0x00000001) 13241300x80000000000000003037Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshDWORD (0x00000000) 13241300x80000000000000003036Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:-575650048,HighDateTime:30874337***Binary mof compiled successfully 13241300x80000000000000003035Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000003034Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-2024749675,HighDateTime:30736945***Binary mof compiled successfully 13241300x80000000000000003033Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000003032Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfully 13241300x80000000000000003031Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfully 13241300x80000000000000003030Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfully 13241300x80000000000000003029Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\en-US\kernelbase.dll.mui[MofResourceName]LowDateTime:-1711938829,HighDateTime:30871737***Binary mof compiled successfully 13241300x80000000000000003028Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\kernelbase.dll[MofResourceName]LowDateTime:1488817152,HighDateTime:30878798***Binary mof compiled successfully 12241200x80000000000000003027Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashDeleteKey2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE 13241300x80000000000000003026Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2021-05-13 15:30:08.656{C7A9AC19-45F1-609D-F702-00000000B901}4844\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance DataBinary Data 10341000x80000000000000003025Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.281{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003024Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.281{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003023Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.281{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003022Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.281{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003058Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.017{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59169-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003057Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.017{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59169-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003056Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.014{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59168-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003055Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.014{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59168-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003054Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.012{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59167-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003053Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.012{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59167-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003052Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.008{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59166-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003051Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:08.008{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59166-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003050Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.297{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003049Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.297{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003048Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.297{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003047Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.297{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003070Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.032{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59173-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003069Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.032{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59173-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003068Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.030{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59172-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003067Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.030{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59172-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003066Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.027{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59171-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003065Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.027{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59171-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003064Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.024{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59170-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003063Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:09.024{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59170-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003062Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.314{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003061Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.314{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003060Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.314{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003059Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.314{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003082Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.048{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59177-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003081Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.048{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59177-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003080Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.046{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59176-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003079Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.046{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59176-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003078Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.043{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59175-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003077Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.043{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59175-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003076Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.039{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59174-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003075Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:10.039{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59174-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003074Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.330{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003073Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.330{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003072Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.330{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003071Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.330{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003155Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.984{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003154Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.984{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000003153Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:30:12.968{C7A9AC19-4604-609D-FF02-00000000B901}3700\PSHost.132653934129102211.3700.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000003152Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.953{C7A9AC19-4604-609D-FF02-00000000B901}3700ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_no4lyvr0.ky2.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000003151Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.953{C7A9AC19-4604-609D-FF02-00000000B901}3700ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_knbgyp1n.ubr.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000003150Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.937{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_no4lyvr0.ky2.psm12021-05-13 15:30:12.937 11241100x80000000000000003149Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.937{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_knbgyp1n.ubr.ps12021-05-13 15:30:12.937 734700x80000000000000003148Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.937{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003147Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.937{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003146Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.921{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003145Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.921{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003144Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.921{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003143Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4604-609D-FD02-00000000B901}33684060C:\Windows\system32\conhost.exe{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003142Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003141Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003140Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003139Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003138Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003137Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003136Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003135Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003134Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003133Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003132Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4604-609D-FE02-00000000B901}34763652C:\Windows\system32\cmd.exe{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003131Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.910{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-4604-609D-582E-110000000000}0x112e580HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-4604-609D-FE02-00000000B901}3476C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000003130Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.906{C7A9AC19-4604-609D-FD02-00000000B901}33684060C:\Windows\system32\conhost.exe{C7A9AC19-4604-609D-FE02-00000000B901}3476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003129Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003128Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003127Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003126Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003125Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003124Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003123Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003122Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003121Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4604-609D-FE02-00000000B901}3476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003120Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003119Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-4604-609D-FC02-00000000B901}3132640C:\Windows\system32\WinrsHost.exe{C7A9AC19-4604-609D-FE02-00000000B901}3476C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000003118Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.904{C7A9AC19-4604-609D-FE02-00000000B901}3476C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-4604-609D-582E-110000000000}0x112e580HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-4604-609D-FC02-00000000B901}3132C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000003117Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003116Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003115Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.890{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003114Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.875{C7A9AC19-4500-609D-1300-00000000B901}10361420C:\Windows\system32\svchost.exe{C7A9AC19-4604-609D-FC02-00000000B901}3132C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000003113Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.859{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4604-609D-FC02-00000000B901}3132C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000003112Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.859{C7A9AC19-4604-609D-FD02-00000000B901}3368C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003111Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.859{C7A9AC19-4604-609D-FD02-00000000B901}33684060C:\Windows\system32\conhost.exe{C7A9AC19-4604-609D-FC02-00000000B901}3132C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003110Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4604-609D-FD02-00000000B901}3368C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003109Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003108Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003107Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003106Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003105Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003104Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003103Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003102Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003101Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003100Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-4604-609D-FC02-00000000B901}3132C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003099Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4604-609D-FC02-00000000B901}3132C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003098Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.848{C7A9AC19-4604-609D-FC02-00000000B901}3132C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-4604-609D-582E-110000000000}0x112e580HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000003097Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003096Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003095Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.843{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000003094Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.063{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59181-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003093Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.063{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59181-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003092Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.061{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59180-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003091Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.061{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59180-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003090Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.058{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59179-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003089Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.058{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59179-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003088Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.055{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59178-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003087Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:11.055{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59178-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003086Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.346{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003085Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.346{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003084Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.346{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003083Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.346{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003172Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.079{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59185-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003171Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.079{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59185-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003170Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.077{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59184-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003169Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.077{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59184-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003168Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.359{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003167Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.359{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003166Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.359{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003165Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.359{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003164Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.074{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59183-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003163Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.074{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59183-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003162Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.071{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59182-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003161Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.071{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59182-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003160Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.156{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003159Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.156{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003158Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.156{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000003157Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.109{C7A9AC19-4604-609D-FF02-00000000B901}3700C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000003156Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.109{C7A9AC19-4604-609D-FF02-00000000B901}3700ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000003185Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.092{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59189-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003184Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.092{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59189-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003183Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.089{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59188-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003182Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.089{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59188-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003181Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.086{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59187-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003180Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.086{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59187-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003179Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.083{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59186-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003178Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:13.083{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59186-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003177Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:12.502{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49633-false10.0.1.14win-dc-960.attackrange.local5986- 10341000x80000000000000003176Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.372{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003175Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.372{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003174Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.372{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003173Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.372{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003197Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.103{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59193-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003196Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.103{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59193-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003195Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.101{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59192-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003194Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.101{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59192-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003193Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.098{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59191-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003192Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.098{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59191-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003191Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.095{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59190-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003190Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:14.095{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59190-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003189Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.391{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003188Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.391{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003187Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.391{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003186Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.391{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003201Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.408{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003200Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.408{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003199Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.408{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003198Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.408{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003213Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.433{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003212Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.433{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003211Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.433{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003210Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.433{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003209Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.122{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59197-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003208Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.122{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59197-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003207Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.119{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59196-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003206Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.119{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59196-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003205Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.117{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59195-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003204Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.117{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59195-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003203Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.114{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59194-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003202Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:15.113{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59194-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003225Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.449{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003224Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.449{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003223Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.449{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003222Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.449{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003221Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.138{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59201-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003220Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.138{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59201-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003219Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.135{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59200-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003218Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.135{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59200-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003217Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.132{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59199-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003216Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.132{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59199-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003215Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.129{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59198-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003214Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:16.129{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59198-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003239Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.169{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59206-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003238Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.169{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59206-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003237Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.465{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003236Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.465{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003235Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.465{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003234Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.465{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003233Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.162{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59205-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003232Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.162{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59205-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003231Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.159{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59204-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003230Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.159{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59204-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003229Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.156{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59203-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003228Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.156{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59203-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003227Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.153{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59202-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003226Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:17.153{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59202-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003251Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.185{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59210-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003250Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.185{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59210-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003249Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.482{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003248Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.482{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003247Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.482{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003246Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.482{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003245Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.178{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59209-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003244Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.178{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59209-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003243Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.175{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59208-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003242Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.175{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59208-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003241Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.172{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59207-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003240Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:18.172{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59207-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003261Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.498{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003260Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.498{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003259Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.498{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003258Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.498{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003257Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.193{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59213-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003256Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.193{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59213-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003255Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.191{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59212-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003254Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.191{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59212-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003253Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.188{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59211-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003252Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:19.188{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59211-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003277Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.514{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003276Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.514{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003275Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.514{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003274Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.514{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003273Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.219{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59219-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003272Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.219{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59219-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003271Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.216{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59218-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003270Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.216{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59218-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003269Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.209{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59217-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003268Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.209{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59217-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003267Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.206{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59216-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003266Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.206{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59216-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003265Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.203{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59215-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003264Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.203{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59215-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003263Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.200{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59214-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003262Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:20.200{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59214-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003285Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.531{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003284Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.531{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003283Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.531{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003282Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.531{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003281Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.225{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59221-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003280Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.225{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59221-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003279Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.222{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59220-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003278Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:21.222{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59220-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003303Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.253{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59228-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003302Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.253{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59228-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003301Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.250{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59227-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003300Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.250{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59227-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003299Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.247{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59226-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003298Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.247{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59226-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003297Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.547{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003296Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.547{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003295Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.547{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003294Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.547{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003293Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.240{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59225-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003292Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.240{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59225-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003291Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.237{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59224-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003290Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.237{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59224-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003289Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.234{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59223-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003288Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.234{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59223-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003287Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.231{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59222-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003286Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:22.231{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59222-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003377Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.688{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003376Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.688{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003375Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.688{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000003374Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.641{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000003373Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.641{C7A9AC19-4611-609D-0303-00000000B901}4812ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000003372Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.563{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003371Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.563{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003370Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.563{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003369Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.563{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003368Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.516{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003367Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.516{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000003366Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:30:25.501{C7A9AC19-4611-609D-0303-00000000B901}4812\PSHost.132653934254464554.4812.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000003365Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.485{C7A9AC19-4611-609D-0303-00000000B901}4812ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_fuajnjmr.tw2.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000003364Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.485{C7A9AC19-4611-609D-0303-00000000B901}4812ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_c0it1kus.xpo.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000003363Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.485{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_fuajnjmr.tw2.psm12021-05-13 15:30:25.485 11241100x80000000000000003362Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.485{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_c0it1kus.xpo.ps12021-05-13 15:30:25.485 734700x80000000000000003361Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.469{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003360Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.469{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003359Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.454{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003358Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.454{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003357Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.454{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003356Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4611-609D-0103-00000000B901}43564672C:\Windows\system32\conhost.exe{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003355Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003354Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003353Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003352Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003351Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003350Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003349Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003348Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003347Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003346Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003345Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4611-609D-0203-00000000B901}30443940C:\Windows\system32\cmd.exe{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003344Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.446{C7A9AC19-4611-609D-0303-00000000B901}4812C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-4611-609D-5C61-110000000000}0x11615c0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-4611-609D-0203-00000000B901}3044C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000003343Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4611-609D-0103-00000000B901}43564672C:\Windows\system32\conhost.exe{C7A9AC19-4611-609D-0203-00000000B901}3044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003342Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003341Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003340Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003339Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003338Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003337Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003336Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003335Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003334Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003333Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4611-609D-0203-00000000B901}3044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003332Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-4611-609D-0003-00000000B901}28964608C:\Windows\system32\WinrsHost.exe{C7A9AC19-4611-609D-0203-00000000B901}3044C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000003331Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.441{C7A9AC19-4611-609D-0203-00000000B901}3044C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-4611-609D-5C61-110000000000}0x11615c0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-4611-609D-0003-00000000B901}2896C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000003330Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003329Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.438{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003328Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.422{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003327Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.407{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-4611-609D-0003-00000000B901}2896C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000003326Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.407{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4611-609D-0003-00000000B901}2896C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000003325Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.391{C7A9AC19-4611-609D-0103-00000000B901}4356C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003324Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.391{C7A9AC19-4611-609D-0103-00000000B901}43564672C:\Windows\system32\conhost.exe{C7A9AC19-4611-609D-0003-00000000B901}2896C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003323Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.391{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4611-609D-0103-00000000B901}4356C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003322Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003321Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003320Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003319Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003318Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003317Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003316Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003315Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003314Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003313Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-4611-609D-0003-00000000B901}2896C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003312Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4611-609D-0003-00000000B901}2896C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003311Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.389{C7A9AC19-4611-609D-0003-00000000B901}2896C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-4611-609D-5C61-110000000000}0x11615c0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000003310Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003309Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003308Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.376{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000003307Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.918{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local59230-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000003306Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.918{C7A9AC19-4510-609D-2000-00000000B901}2484C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local59230-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000003305Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.255{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59229-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003304Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:23.255{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59229-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003394Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.281{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59236-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003393Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.281{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59236-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003392Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.278{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59235-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003391Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.278{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59235-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003390Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.034{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49636-false10.0.1.14win-dc-960.attackrange.local5986- 354300x80000000000000003389Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.271{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59234-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003388Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.271{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59234-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003387Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.268{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59233-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003386Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.268{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59233-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003385Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.266{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59232-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003384Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.266{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59232-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003383Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.263{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59231-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003382Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:24.263{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59231-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003381Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.580{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003380Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.580{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003379Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.580{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003378Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.580{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003398Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.596{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003397Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.596{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003396Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.596{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003395Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.596{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003416Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.310{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59243-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003415Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.309{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59243-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003414Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.302{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59242-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003413Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.302{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59242-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003412Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.299{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59241-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003411Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.299{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59241-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003410Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.297{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59240-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003409Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.297{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59240-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003408Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.294{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59239-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003407Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:26.294{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59239-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003406Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.287{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59238-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003405Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.287{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59238-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003404Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.284{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59237-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003403Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:25.284{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59237-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003402Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.612{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003401Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.612{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003400Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.612{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003399Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.612{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003432Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.331{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59249-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003431Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.331{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59249-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003430Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.328{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59248-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003429Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.328{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59248-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003428Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.325{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59247-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003427Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.325{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59247-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003426Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.318{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59246-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003425Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.318{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59246-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003424Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.315{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59245-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003423Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.315{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59245-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003422Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.312{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59244-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003421Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:27.312{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59244-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003420Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.629{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003419Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.629{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003418Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.629{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003417Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.629{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003438Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.334{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59250-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003437Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:28.334{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59250-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003436Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.645{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003435Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.645{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003434Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.645{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003433Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.645{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003452Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.357{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59255-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003451Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.356{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59255-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003450Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.349{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59254-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003449Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.349{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59254-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003448Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.347{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59253-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003447Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.347{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59253-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003446Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.344{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59252-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003445Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.344{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59252-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003444Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.341{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59251-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003443Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:29.341{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59251-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003442Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.661{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003441Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.661{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003440Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.661{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003439Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.661{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003470Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.380{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59262-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003469Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.380{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59262-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003468Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.378{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59261-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003467Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.378{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59261-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003466Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.375{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59260-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003465Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.375{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59260-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003464Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.372{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59259-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003463Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:31.372{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59259-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003462Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.365{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59258-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003461Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.365{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59258-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003460Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.362{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59257-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003459Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.362{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59257-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003458Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.359{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59256-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003457Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:30.359{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59256-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003456Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.677{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003455Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.677{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003454Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.677{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003453Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.677{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003482Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.396{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59266-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003481Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.396{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59266-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003480Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.394{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59265-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003479Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.394{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59265-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003478Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.391{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59264-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003477Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.391{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59264-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003476Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.388{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59263-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003475Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:32.388{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59263-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003474Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.694{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003473Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.694{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003472Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.694{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003471Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.694{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003494Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.412{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59270-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003493Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.412{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59270-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003492Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.409{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59269-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003491Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.409{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59269-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003490Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.406{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59268-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003489Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.406{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59268-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003488Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.710{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003487Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.710{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003486Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.710{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003485Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.710{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003484Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.403{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59267-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003483Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:33.403{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59267-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003501Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.419{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59271-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003500Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.419{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59271-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003499Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.726{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003498Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.726{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003497Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.726{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003496Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.726{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 11241100x80000000000000003495Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.007{C7A9AC19-4500-609D-1200-00000000B901}776C:\Windows\System32\svchost.exeC:\Windows\System32\LogFiles\Sum\Svctmp.log2021-05-13 15:21:59.491 10341000x80000000000000003509Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003508Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003507Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003506Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.747{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003505Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.425{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59273-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003504Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.425{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59273-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003503Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.422{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59272-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003502Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.422{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59272-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003527Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.455{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59279-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003526Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.455{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59279-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003525Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003524Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003523Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003522Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.764{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003521Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.279{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003520Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.279{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\system32\dns.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003519Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.443{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59278-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003518Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.443{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59278-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003517Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.440{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59277-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003516Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.440{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59277-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003515Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.437{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59276-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003514Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.437{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59276-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003513Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.434{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59275-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003512Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:35.434{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59275-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003511Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.428{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59274-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003510Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:34.427{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59274-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003611Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.471{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59285-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003610Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.470{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59285-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003609Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.780{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003608Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.780{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003607Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.780{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003606Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.483{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003605Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.780{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003604Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.483{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003603Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.483{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000003602Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.436{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000003601Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.436{C7A9AC19-461E-609D-0703-00000000B901}3348ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000003600Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.992{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local61452- 354300x80000000000000003599Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.990{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local59284-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000003598Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.990{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local59284-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000003597Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.989{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local56173- 354300x80000000000000003596Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.986{C7A9AC19-44FE-609D-0B00-00000000B901}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local59283-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 354300x80000000000000003595Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.986{C7A9AC19-4510-609D-2400-00000000B901}2684C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-960.attackrange.local59283-true0:0:0:0:0:0:0:1win-dc-960.attackrange.local389ldap 10341000x80000000000000003594Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.295{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003593Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.295{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000003592Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:30:38.280{C7A9AC19-461E-609D-0703-00000000B901}3348\PSHost.132653934382277064.3348.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000003591Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.264{C7A9AC19-461E-609D-0703-00000000B901}3348ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_5pjyx4jg.kcx.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000003590Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.264{C7A9AC19-461E-609D-0703-00000000B901}3348ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_gj0kgvss.sjz.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000003589Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.264{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_5pjyx4jg.kcx.psm12021-05-13 15:30:38.264 11241100x80000000000000003588Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.264{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_gj0kgvss.sjz.ps12021-05-13 15:30:38.264 734700x80000000000000003587Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.248{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003586Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.248{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003585Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.233{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003584Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.233{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003583Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.233{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003582Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-461E-609D-0503-00000000B901}41564112C:\Windows\system32\conhost.exe{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003581Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003580Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003579Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003578Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003577Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003576Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003575Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003574Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003573Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003572Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003571Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-461E-609D-0603-00000000B901}26804804C:\Windows\system32\cmd.exe{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003570Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.227{C7A9AC19-461E-609D-0703-00000000B901}3348C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-461E-609D-B696-110000000000}0x1196b60HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-461E-609D-0603-00000000B901}2680C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000003569Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-461E-609D-0503-00000000B901}41564112C:\Windows\system32\conhost.exe{C7A9AC19-461E-609D-0603-00000000B901}2680C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003568Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003567Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003566Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003565Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003564Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003563Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003562Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003561Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003560Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-461E-609D-0603-00000000B901}2680C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003559Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003558Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-461E-609D-0403-00000000B901}4148520C:\Windows\system32\WinrsHost.exe{C7A9AC19-461E-609D-0603-00000000B901}2680C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000003557Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.222{C7A9AC19-461E-609D-0603-00000000B901}2680C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-461E-609D-B696-110000000000}0x1196b60HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-461E-609D-0403-00000000B901}4148C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000003556Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003555Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003554Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.217{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003553Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.186{C7A9AC19-4500-609D-1300-00000000B901}10361812C:\Windows\system32\svchost.exe{C7A9AC19-461E-609D-0403-00000000B901}4148C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000003552Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.186{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-461E-609D-0403-00000000B901}4148C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000003551Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.170{C7A9AC19-461E-609D-0503-00000000B901}4156C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003550Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.170{C7A9AC19-461E-609D-0503-00000000B901}41564112C:\Windows\system32\conhost.exe{C7A9AC19-461E-609D-0403-00000000B901}4148C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003549Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-461E-609D-0503-00000000B901}4156C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003548Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003547Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003546Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003545Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003544Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003543Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003542Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003541Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003540Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003539Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-461E-609D-0403-00000000B901}4148C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003538Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-461E-609D-0403-00000000B901}4148C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003537Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.163{C7A9AC19-461E-609D-0403-00000000B901}4148C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-461E-609D-B696-110000000000}0x1196b60HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000003536Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003535Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003534Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.155{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000003533Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.464{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59282-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003532Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.464{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59282-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003531Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.461{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59281-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003530Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.461{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59281-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003529Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.458{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59280-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003528Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:36.458{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59280-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003625Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.489{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59290-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003624Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.486{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59289-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003623Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.486{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59289-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003622Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.796{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003621Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.796{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003620Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.796{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003619Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.796{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003618Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.802{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49637-false10.0.1.14win-dc-960.attackrange.local5986- 354300x80000000000000003617Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.479{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59288-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003616Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.479{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59288-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003615Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.476{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59287-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003614Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.476{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59287-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003613Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.473{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59286-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003612Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:37.473{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59286-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003634Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.813{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003633Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.813{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003632Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.813{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003631Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.813{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003630Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.495{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59292-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003629Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.495{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59292-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003628Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.492{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59291-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003627Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.492{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59291-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003626Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:38.489{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59290-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003650Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.520{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59298-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003649Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.520{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59298-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003648Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.517{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59297-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003647Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.517{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59297-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003646Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.829{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003645Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.829{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003644Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.829{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003643Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.829{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003642Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.510{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59296-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003641Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.510{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59296-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003640Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.507{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59295-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003639Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.507{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59295-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003638Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.505{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59294-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003637Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.505{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59294-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003636Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.502{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59293-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003635Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:39.502{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59293-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003658Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.845{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003657Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.845{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003656Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.845{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003655Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.845{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003654Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.526{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59300-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003653Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.526{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59300-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003652Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.523{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59299-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003651Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:40.523{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59299-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003670Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.861{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003669Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.861{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003668Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.861{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003667Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.861{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003666Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.542{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59304-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003665Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.542{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59304-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003664Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.539{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59303-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003663Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.539{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59303-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003662Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.536{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59302-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003661Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.536{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59302-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003660Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.533{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59301-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003659Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:41.533{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59301-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003682Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.878{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003681Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.878{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003680Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.878{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003679Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.878{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003678Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.557{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59308-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003677Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.557{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59308-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003676Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.554{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59307-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003675Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.554{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59307-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003674Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.552{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59306-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003673Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.552{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59306-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003672Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.549{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59305-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003671Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:42.549{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59305-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003694Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.894{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003693Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.894{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003692Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.894{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003691Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.894{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003690Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.573{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59312-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003689Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.573{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59312-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003688Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.570{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59311-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003687Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.570{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59311-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003686Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.567{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59310-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003685Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.567{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59310-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003684Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.564{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59309-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003683Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:43.564{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59309-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003706Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.910{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003705Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.910{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003704Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.910{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003703Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.910{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003702Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.588{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59316-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003701Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.588{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59316-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003700Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.586{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59315-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003699Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.585{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59315-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003698Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.583{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59314-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003697Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.583{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59314-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003696Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.580{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59313-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003695Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:44.580{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59313-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003720Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.611{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59321-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003719Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.611{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59321-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003718Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.926{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003717Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.926{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003716Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.926{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003715Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.926{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003714Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.604{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59320-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003713Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.604{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59320-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003712Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.602{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59319-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003711Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.602{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59319-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003710Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.599{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59318-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003709Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.599{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59318-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003708Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.595{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59317-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003707Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:45.595{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59317-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003736Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.633{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59327-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003735Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.633{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59327-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003734Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.630{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59326-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003733Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.630{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59326-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003732Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.627{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59325-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003731Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.627{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59325-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003730Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.943{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003729Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.943{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003728Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.943{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003727Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.943{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003726Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.620{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59324-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003725Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.619{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59324-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003724Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.617{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59323-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003723Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.617{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59323-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003722Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.614{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59322-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003721Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:46.614{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59322-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003743Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.959{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003742Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.959{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003741Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.959{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003740Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.959{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003739Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.635{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59328-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003738Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:47.635{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59328-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 13241300x80000000000000003737Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-SetValue2021-05-13 15:30:49.162{C7A9AC19-4500-609D-1000-00000000B901}408C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7480c-0xf36e6064) 10341000x80000000000000003818Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.975{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 11241100x80000000000000003817Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.975{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000003816Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.975{C7A9AC19-462A-609D-0B03-00000000B901}4072ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x80000000000000003815Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.975{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003814Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.975{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003813Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.975{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003812Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.850{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003811Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.850{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000003810Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:30:50.834{C7A9AC19-462A-609D-0B03-00000000B901}4072\PSHost.132653934507769399.4072.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000003809Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.819{C7A9AC19-462A-609D-0B03-00000000B901}4072ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_yrfnrpbl.wlf.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000003808Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.819{C7A9AC19-462A-609D-0B03-00000000B901}4072ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_1jzvqfti.o5u.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000003807Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.803{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_yrfnrpbl.wlf.psm12021-05-13 15:30:50.803 11241100x80000000000000003806Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.803{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_1jzvqfti.o5u.ps12021-05-13 15:30:50.803 734700x80000000000000003805Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.803{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003804Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.803{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003803Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.788{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003802Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.788{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003801Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.788{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003800Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-462A-609D-0903-00000000B901}44084368C:\Windows\system32\conhost.exe{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003799Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003798Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003797Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003796Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003795Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003794Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003793Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003792Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003791Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003790Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003789Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-462A-609D-0A03-00000000B901}45084256C:\Windows\system32\cmd.exe{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003788Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.776{C7A9AC19-462A-609D-0B03-00000000B901}4072C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-462A-609D-B5C9-110000000000}0x11c9b50HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-462A-609D-0A03-00000000B901}4508C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000003787Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-462A-609D-0903-00000000B901}44084368C:\Windows\system32\conhost.exe{C7A9AC19-462A-609D-0A03-00000000B901}4508C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003786Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003785Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003784Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003783Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003782Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.772{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003781Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003780Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003779Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003778Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-462A-609D-0A03-00000000B901}4508C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003777Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003776Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-462A-609D-0803-00000000B901}41084384C:\Windows\system32\WinrsHost.exe{C7A9AC19-462A-609D-0A03-00000000B901}4508C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000003775Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.771{C7A9AC19-462A-609D-0A03-00000000B901}4508C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-462A-609D-B5C9-110000000000}0x11c9b50HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-462A-609D-0803-00000000B901}4108C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000003774Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003773Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003772Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.756{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003771Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.741{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-462A-609D-0803-00000000B901}4108C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000003770Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.725{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-462A-609D-0803-00000000B901}4108C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000003769Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.725{C7A9AC19-462A-609D-0903-00000000B901}4408C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003768Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.725{C7A9AC19-462A-609D-0903-00000000B901}44084368C:\Windows\system32\conhost.exe{C7A9AC19-462A-609D-0803-00000000B901}4108C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003767Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-462A-609D-0903-00000000B901}4408C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003766Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003765Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003764Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003763Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003762Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003761Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003760Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003759Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003758Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003757Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-462A-609D-0803-00000000B901}4108C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003756Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-462A-609D-0803-00000000B901}4108C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003755Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.715{C7A9AC19-462A-609D-0803-00000000B901}4108C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-462A-609D-B5C9-110000000000}0x11c9b50HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000003754Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003753Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003752Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.709{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000003751Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.651{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59332-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003750Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.651{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59332-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003749Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.648{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59331-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003748Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.648{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59331-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003747Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.645{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59330-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003746Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.645{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59330-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003745Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.642{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59329-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003744Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:48.642{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59329-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003833Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.991{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003832Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.991{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003831Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.991{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003830Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.351{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49639-false10.0.1.14win-dc-960.attackrange.local5986- 354300x80000000000000003829Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.666{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59336-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003828Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.666{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59336-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003827Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.664{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59335-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003826Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.664{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59335-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003825Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.661{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59334-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003824Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.661{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59334-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003823Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.658{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59333-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003822Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:49.658{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59333-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003821Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.022{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003820Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.022{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003819Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.022{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000003842Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.682{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59340-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003841Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.682{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59340-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003840Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.679{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59339-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003839Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.679{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59339-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003838Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.676{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59338-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003837Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.676{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59338-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003836Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.673{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59337-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003835Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:50.673{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59337-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003834Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.991{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003856Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.698{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59344-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003855Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.698{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59344-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003854Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.695{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59343-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003853Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.695{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59343-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003852Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.692{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59342-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003851Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.692{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59342-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 11241100x80000000000000003850Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.555{C7A9AC19-4500-609D-1100-00000000B901}416C:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat2021-05-13 15:26:52.910 23542300x80000000000000003849Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.555{C7A9AC19-4500-609D-1100-00000000B901}416NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=EDCD9CDA0F15F5F24229967F00BB139B,SHA256=0B56F554DE492AB0848BF88008C9AD7F2678CC65E7BBD0658FE78831FA609554,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000003848Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.689{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59341-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003847Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:51.689{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59341-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003846Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.008{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003845Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.008{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003844Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.008{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003843Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.008{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003866Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.710{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59347-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003865Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.710{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59347-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003864Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.708{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59346-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003863Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.708{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59346-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003862Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.705{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59345-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003861Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.705{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59345-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003860Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.024{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003859Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.024{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003858Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.024{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003857Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.024{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003880Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.729{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59352-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003879Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.729{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59352-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003878Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.727{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59351-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003877Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.727{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59351-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003876Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.724{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59350-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003875Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.724{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59350-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003874Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.720{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59349-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003873Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:53.720{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59349-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003872Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.713{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59348-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003871Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:52.713{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59348-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003870Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.040{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003869Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.040{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003868Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.040{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003867Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.040{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003892Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.744{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59356-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003891Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.744{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59356-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003890Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.742{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59355-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003889Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.742{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59355-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003888Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.739{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59354-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003887Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.739{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59354-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003886Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.736{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59353-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003885Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:54.736{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59353-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003884Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.056{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003883Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.056{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003882Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.056{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003881Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.056{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003904Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.761{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59360-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003903Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.760{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59360-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003902Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.758{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59359-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003901Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.758{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59359-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003900Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.755{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59358-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003899Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.755{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59358-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003898Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.752{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59357-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003897Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:55.752{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59357-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003896Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.075{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003895Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.075{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003894Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.075{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003893Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.075{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003912Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.773{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59362-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003911Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.773{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59362-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003910Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.770{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59361-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003909Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.770{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59361-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003908Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.091{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003907Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.091{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003906Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.091{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003905Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.091{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003928Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.792{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59367-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003927Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.792{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59367-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003926Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.789{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59366-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003925Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.789{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59366-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003924Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.786{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59365-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003923Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.786{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59365-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003922Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.779{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59364-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003921Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.779{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59364-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003920Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.776{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59363-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003919Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:56.776{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59363-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003918Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.108{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003917Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.108{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003916Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.108{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003915Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.108{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 11241100x80000000000000003914Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.014{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\splunk_stream_deployment\Splunk_TA_stream-1620919788.bundle2021-05-13 15:30:59.014 11241100x80000000000000003913Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.014{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\splunk_stream_deployment2021-05-13 15:30:59.014 354300x80000000000000003943Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.810{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59373-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003942Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.810{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59373-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003941Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.807{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59372-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003940Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.807{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59372-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003939Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.804{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59371-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003938Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.804{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59371-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003937Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.801{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59370-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003936Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.801{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59370-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003935Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:58.691{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59369-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x80000000000000003934Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.794{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59368-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003933Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:57.794{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59368-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003932Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.124{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003931Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.124{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003930Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.124{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003929Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.124{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003955Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.826{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59377-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003954Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.826{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59377-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003953Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.824{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59376-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003952Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.823{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59376-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003951Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.821{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59375-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003950Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.821{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59375-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003949Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.817{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59374-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003948Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:30:59.817{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59374-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003947Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.140{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003946Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.140{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003945Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.140{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003944Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.140{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000003967Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.842{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59381-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003966Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.842{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59381-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003965Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.839{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59380-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003964Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.839{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59380-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003963Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.836{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59379-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003962Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.836{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59379-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003961Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.833{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59378-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000003960Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:00.833{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59378-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000003959Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.156{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003958Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.156{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003957Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.156{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003956Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.156{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004045Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.891{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004044Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.891{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004043Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.891{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x80000000000000004042Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.844{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive2021-05-13 11:00:06.145 23542300x80000000000000004041Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.844{C7A9AC19-4637-609D-0F03-00000000B901}2752ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x80000000000000004040Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.857{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59385-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004039Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.857{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59385-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004038Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.854{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59384-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004037Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.854{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59384-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004036Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.851{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59383-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004035Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.851{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59383-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004034Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.848{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59382-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004033Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:01.848{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59382-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004032Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.704{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004031Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.704{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x80000000000000004030Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-CreatePipe2021-05-13 15:31:03.688{C7A9AC19-4637-609D-0F03-00000000B901}2752\PSHost.132653934636393517.2752.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x80000000000000004029Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.688{C7A9AC19-4637-609D-0F03-00000000B901}2752ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_0lwqnkyd.inw.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x80000000000000004028Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.688{C7A9AC19-4637-609D-0F03-00000000B901}2752ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_wxf1vscp.0vc.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x80000000000000004027Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.672{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_0lwqnkyd.inw.psm12021-05-13 15:31:03.672 11241100x80000000000000004026Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.672{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_wxf1vscp.0vc.ps12021-05-13 15:31:03.672 734700x80000000000000004025Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.672{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000004024Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.657{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004023Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.657{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004022Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.657{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004021Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.641{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004020Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.641{C7A9AC19-4637-609D-0D03-00000000B901}51084896C:\Windows\system32\conhost.exe{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004019Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004018Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004017Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004016Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004015Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004014Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004013Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004012Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004011Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000004010Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004009Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4637-609D-0E03-00000000B901}2596368C:\Windows\system32\cmd.exe{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000004008Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.639{C7A9AC19-4637-609D-0F03-00000000B901}2752C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEPowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-4637-609D-6FFE-110000000000}0x11fe6f0HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{C7A9AC19-4637-609D-0E03-00000000B901}2596C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUA 10341000x80000000000000004007Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4637-609D-0D03-00000000B901}51084896C:\Windows\system32\conhost.exe{C7A9AC19-4637-609D-0E03-00000000B901}2596C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004006Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004005Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004004Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004003Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004002Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004001Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004000Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003999Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003998Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-4637-609D-0E03-00000000B901}2596C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003997Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003996Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-4637-609D-0C03-00000000B901}46804836C:\Windows\system32\WinrsHost.exe{C7A9AC19-4637-609D-0E03-00000000B901}2596C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\WinrsHost.exe+2c94|C:\Windows\system32\WinrsHost.exe+2eb1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 154100x80000000000000003995Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.633{C7A9AC19-4637-609D-0E03-00000000B901}2596C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /C PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -EncodedCommand KABHAGUAdAAtAFcAbQBpAE8AYgBqAGUAYwB0ACAALQBDAGwAYQBzAHMATgBhAG0AZQAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBMAGEAcwB0AEIAbwBvAHQAVQBwAFQAaQBtAGUAC:\Users\Administrator\ATTACKRANGE\Administrator{C7A9AC19-4637-609D-6FFE-110000000000}0x11fe6f0HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-4637-609D-0C03-00000000B901}4680C:\Windows\System32\winrshost.exeC:\Windows\system32\WinrsHost.exe -Embedding 10341000x80000000000000003994Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003993Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003992Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.626{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003991Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.594{C7A9AC19-4500-609D-1300-00000000B901}10361428C:\Windows\system32\svchost.exe{C7A9AC19-4637-609D-0C03-00000000B901}4680C:\Windows\system32\WinrsHost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\winrscmd.dll+8d36|C:\Windows\system32\winrscmd.dll+92d5|C:\Windows\system32\winrscmd.dll+af31|C:\Windows\system32\winrscmd.dll+23dc|c:\windows\system32\wsmsvc.dll+155ac7|c:\windows\system32\wsmsvc.dll+13f76d|c:\windows\system32\wsmsvc.dll+13f3cf|c:\windows\system32\wsmsvc.dll+13fcb2|c:\windows\system32\wsmsvc.dll+9ab10|c:\windows\system32\wsmsvc.dll+9b611|c:\windows\system32\wsmsvc.dll+4495|c:\windows\system32\wsmsvc.dll+16816c|c:\windows\system32\wsmsvc.dll+1689b8|c:\windows\system32\wsmsvc.dll+16345b|c:\windows\system32\wsmsvc.dll+163125|c:\windows\system32\wsmsvc.dll+14ce9c|c:\windows\system32\wsmsvc.dll+130049|c:\windows\system32\wsmsvc.dll+13571a|c:\windows\system32\wsmsvc.dll+12f47e|c:\windows\system32\wsmsvc.dll+125587|c:\windows\system32\wsmsvc.dll+11f562|c:\windows\system32\wsmsvc.dll+124574 10341000x80000000000000003990Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.594{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4637-609D-0C03-00000000B901}4680C:\Windows\system32\WinrsHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x80000000000000003989Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4637-609D-0D03-00000000B901}5108C:\Windows\System32\conhost.exeC:\Windows\System32\windows.storage.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft WinRT Storage APIMicrosoft® Windows® Operating SystemMicrosoft CorporationWindows.Storage.dllMD5=902EBA937960538CA5B7A586EAFE47EE,SHA256=0C5D100EFA1E51C36C0A6E4B35BFD09C3098616EE9B3E46DC49E9E1A8365A0DF,IMPHASH=181A859176420BBB803F246C0E4B0889trueMicrosoft WindowsValid 10341000x80000000000000003988Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4637-609D-0D03-00000000B901}51084896C:\Windows\system32\conhost.exe{C7A9AC19-4637-609D-0C03-00000000B901}4680C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003987Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-4637-609D-0D03-00000000B901}5108C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003986Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003985Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003984Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003983Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003982Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003981Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003980Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003979Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003978Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003977Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4637-609D-0C03-00000000B901}4680C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000003976Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4500-609D-0C00-00000000B901}860892C:\Windows\system32\svchost.exe{C7A9AC19-4637-609D-0C03-00000000B901}4680C:\Windows\system32\WinrsHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000003975Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.579{C7A9AC19-4637-609D-0C03-00000000B901}4680C:\Windows\System32\winrshost.exe10.0.14393.0 (rs1_release.160715-1616)Host Process for WinRM's Remote Shell pluginMicrosoft® Windows® Operating SystemMicrosoft Corporationwinrshost.exeC:\Windows\system32\WinrsHost.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{C7A9AC19-4637-609D-6FFE-110000000000}0x11fe6f0HighMD5=F40EC96CA18D88CB1F26FA2070010714,SHA256=607C014A3CA531FFAD50BCD90095C01E4E6B691D9E18473C70E4699CF1E31453,IMPHASH=4216D8E7F36901B61DFD6309B49BCF96{C7A9AC19-4500-609D-0C00-00000000B901}860C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x80000000000000003974Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.563{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003973Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.563{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+19616|C:\Windows\system32\lsasrv.dll+1abbf|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003972Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.563{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-4500-609D-1300-00000000B901}1036C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000003971Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.172{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003970Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.172{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003969Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.172{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000003968Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.172{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004057Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.873{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59389-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004056Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.873{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59389-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004055Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.870{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59388-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004054Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.870{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59388-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004053Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.867{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59387-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004052Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.867{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59387-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004051Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.864{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59386-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004050Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:02.864{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59386-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004049Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.188{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004048Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.188{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004047Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.188{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004046Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.188{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004070Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.888{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59393-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004069Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.888{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59393-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004068Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.886{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59392-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004067Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.886{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59392-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004066Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.883{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59391-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004065Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.883{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59391-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004064Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.880{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59390-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004063Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.880{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59390-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004062Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:03.201{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse46.128.24.7946.128.24.79.dynamic.cablesurf.de49641-false10.0.1.14win-dc-960.attackrange.local5986- 10341000x80000000000000004061Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.205{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004060Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.205{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004059Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.205{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004058Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.205{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004082Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.904{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59397-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004081Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.904{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59397-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004080Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.901{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59396-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004079Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.901{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59396-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004078Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.898{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59395-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004077Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.898{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59395-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004076Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.895{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59394-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004075Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:04.895{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59394-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004074Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.221{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004073Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.221{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004072Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.221{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004071Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.221{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004094Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.920{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59401-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004093Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.920{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59401-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004092Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.917{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59400-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004091Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.917{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59400-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004090Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.914{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59399-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004089Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.914{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59399-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004088Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.911{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59398-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004087Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:05.911{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59398-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004086Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.237{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004085Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.237{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004084Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.237{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004083Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.237{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004106Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.935{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59405-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004105Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.935{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59405-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004104Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.933{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59404-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004103Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.933{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59404-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004102Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.930{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59403-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004101Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.930{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59403-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004100Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.926{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59402-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004099Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:06.926{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59402-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004098Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.253{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004097Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.253{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004096Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.253{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004095Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.253{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004116Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.948{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59408-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004115Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.948{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59408-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004114Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.945{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59407-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004113Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.945{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59407-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004112Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.942{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59406-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004111Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.942{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59406-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004110Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.269{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004109Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.269{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004108Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.269{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004107Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.269{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004128Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.964{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59412-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004127Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.964{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59412-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004126Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.961{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59411-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004125Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.961{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59411-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004124Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.958{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59410-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004123Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.958{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59410-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004122Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.285{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004121Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.285{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004120Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.285{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004119Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.285{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004118Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.951{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59409-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004117Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:07.951{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59409-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004140Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:11.305{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004139Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:11.305{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004138Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:11.305{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004137Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:11.305{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004136Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.979{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59416-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004135Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.979{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59416-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004134Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.976{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59415-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004133Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.976{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59415-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004132Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.973{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59414-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004131Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.973{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59414-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004130Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.967{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59413-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004129Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:08.967{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59413-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004152Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.991{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59422-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004151Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.991{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59422-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004150Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.878{C7A9AC19-4511-609D-2900-00000000B901}2368C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59421-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x80000000000000004149Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.787{C7A9AC19-4511-609D-2900-00000000B901}2368C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59420-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x80000000000000004148Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.743{C7A9AC19-4511-609D-2900-00000000B901}2368C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59419-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x80000000000000004147Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.742{C7A9AC19-4511-609D-2900-00000000B901}2368C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59418-false169.254.169.254instance-data.eu-central-1.compute.internal80http 354300x80000000000000004146Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.982{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59417-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004145Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:09.982{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59417-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004144Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004143Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004142Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004141Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.321{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004166Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.011{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59427-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004165Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.011{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59427-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004164Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.008{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59426-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004163Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.008{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59426-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004162Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:13.337{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004161Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:13.337{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004160Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:13.337{C7A9AC19-44FE-609D-0B00-00000000B901}632684C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004159Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:13.337{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004158Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:11.000{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59425-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004157Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:11.000{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59425-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004156Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.998{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59424-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004155Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.998{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59424-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004154Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.994{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59423-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004153Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:10.994{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59423-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 11241100x80000000000000004329Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.991{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\wpcap.dll2021-05-13 15:31:14.991 11241100x80000000000000004328Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.991{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\vcruntime140.dll2021-05-13 15:31:14.991 11241100x80000000000000004327Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.991{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\vccorlib140.dll2021-05-13 15:31:14.991 11241100x80000000000000004326Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.881{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe2021-05-13 15:31:14.881 11241100x80000000000000004325Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\qmprotocols.dll2021-05-13 15:31:14.866 11241100x80000000000000004324Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\qmframework.dll2021-05-13 15:31:14.866 11241100x80000000000000004323Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\qmflow.dll2021-05-13 15:31:14.866 11241100x80000000000000004322Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\npf.sys2021-05-13 15:31:14.866 11241100x80000000000000004321Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\msvcp140.dll2021-05-13 15:31:14.866 11241100x80000000000000004320Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\concrt140.dll2021-05-13 15:31:14.866 11241100x80000000000000004319Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\Packet.dll2021-05-13 15:31:14.866 11241100x80000000000000004318Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin2021-05-13 15:31:14.866 11241100x80000000000000004317Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_642021-05-13 15:31:14.866 11241100x80000000000000004316Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\underscore.min.js2021-05-13 15:31:14.866 11241100x80000000000000004315Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\jquery.min.js2021-05-13 15:31:14.866 11241100x80000000000000004314Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js\jquery-ui.min.js2021-05-13 15:31:14.866 11241100x80000000000000004313Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\js2021-05-13 15:31:14.866 11241100x80000000000000004312Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\index.html2021-05-13 15:31:14.866 11241100x80000000000000004311Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.866{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\images\ajax-loader.gif2021-05-13 15:31:14.866 11241100x80000000000000004310Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\images2021-05-13 15:31:14.850 11241100x80000000000000004309Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\fonts\splunkicons-regular-webfont.woff2021-05-13 15:31:14.850 11241100x80000000000000004308Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\fonts\splunkicons-regular-webfont.ttf2021-05-13 15:31:14.850 11241100x80000000000000004307Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\fonts\splunkicons-regular-webfont.eot2021-05-13 15:31:14.850 11241100x80000000000000004306Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\fonts2021-05-13 15:31:14.850 11241100x80000000000000004305Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\favicon.ico2021-05-13 15:31:14.850 11241100x80000000000000004304Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\jquery-ui.css2021-05-13 15:31:14.850 11241100x80000000000000004303Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_cd0a0a_256x240.png2021-05-13 15:31:14.850 11241100x80000000000000004302Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_888888_256x240.png2021-05-13 15:31:14.850 11241100x80000000000000004301Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_454545_256x240.png2021-05-13 15:31:14.850 11241100x80000000000000004300Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_2e83ff_256x240.png2021-05-13 15:31:14.850 11241100x80000000000000004299Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-icons_222222_256x240.png2021-05-13 15:31:14.850 11241100x80000000000000004298Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_highlight-soft_75_cccccc_1x100.png2021-05-13 15:31:14.850 11241100x80000000000000004297Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_95_fef1ec_1x400.png2021-05-13 15:31:14.850 11241100x80000000000000004296Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_75_e6e6e6_1x400.png2021-05-13 15:31:14.850 11241100x80000000000000004295Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_75_dadada_1x400.png2021-05-13 15:31:14.850 11241100x80000000000000004294Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_65_ffffff_1x400.png2021-05-13 15:31:14.850 11241100x80000000000000004293Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_glass_55_fbf9ee_1x400.png2021-05-13 15:31:14.850 11241100x80000000000000004292Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_flat_75_ffffff_40x100.png2021-05-13 15:31:14.850 11241100x80000000000000004291Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images\ui-bg_flat_0_aaaaaa_40x100.png2021-05-13 15:31:14.850 11241100x80000000000000004290Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\images2021-05-13 15:31:14.850 11241100x80000000000000004289Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css\common.css2021-05-13 15:31:14.850 11241100x80000000000000004288Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui\css2021-05-13 15:31:14.850 11241100x80000000000000004287Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\ui2021-05-13 15:31:14.850 11241100x80000000000000004286Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\set_permissions.sh2021-05-13 15:31:14.850 11241100x80000000000000004285Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\metadata\local.meta2021-05-13 15:31:14.850 11241100x80000000000000004284Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\metadata\default.meta2021-05-13 15:31:14.850 11241100x80000000000000004283Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\metadata2021-05-13 15:31:14.850 11241100x80000000000000004282Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\lookups\stream_app_lookup.csv2021-05-13 15:31:14.850 11241100x80000000000000004281Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\lookups2021-05-13 15:31:14.850 11241100x80000000000000004280Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\local\streamfwdlog.conf2021-05-13 15:31:14.850 11241100x80000000000000004279Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\local\keystore.db2021-05-13 15:31:14.850 11241100x80000000000000004278Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\local\inputs.conf2021-05-13 15:31:14.850 11241100x80000000000000004277Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\local\app.conf2021-05-13 15:31:14.850 11241100x80000000000000004276Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.850{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\local2021-05-13 15:31:14.850 11241100x80000000000000004275Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.725{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\linux_x86_64\bin\streamfwd-rhel62021-05-13 15:31:14.725 11241100x80000000000000004274Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\linux_x86_64\bin\streamfwd2021-05-13 15:31:14.615 11241100x80000000000000004273Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\linux_x86_64\bin2021-05-13 15:31:14.615 11241100x80000000000000004272Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\linux_x86_642021-05-13 15:31:14.615 11241100x80000000000000004271Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\xmpp.xml2021-05-13 15:31:14.615 11241100x80000000000000004270Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\tns.xml2021-05-13 15:31:14.615 11241100x80000000000000004269Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\time.xml2021-05-13 15:31:14.615 11241100x80000000000000004268Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\tds.xml2021-05-13 15:31:14.615 11241100x80000000000000004267Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\ssh.xml2021-05-13 15:31:14.615 11241100x80000000000000004266Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\sql.xml2021-05-13 15:31:14.615 11241100x80000000000000004265Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\snmp.xml2021-05-13 15:31:14.615 11241100x80000000000000004264Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\smtp.xml2021-05-13 15:31:14.615 11241100x80000000000000004263Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\smpp.xml2021-05-13 15:31:14.615 11241100x80000000000000004262Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\smb.xml2021-05-13 15:31:14.615 11241100x80000000000000004261Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\sip.xml2021-05-13 15:31:14.615 11241100x80000000000000004260Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\sflow.xml2021-05-13 15:31:14.615 11241100x80000000000000004259Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\rtp.xml2021-05-13 15:31:14.615 11241100x80000000000000004258Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\rtcp.xml2021-05-13 15:31:14.615 11241100x80000000000000004257Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\rss.xml2021-05-13 15:31:14.615 11241100x80000000000000004256Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\rpc.xml2021-05-13 15:31:14.615 11241100x80000000000000004255Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\radius.xml2021-05-13 15:31:14.615 11241100x80000000000000004254Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\postgres.xml2021-05-13 15:31:14.615 11241100x80000000000000004253Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\pop3.xml2021-05-13 15:31:14.615 11241100x80000000000000004252Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\omniture.xml2021-05-13 15:31:14.615 11241100x80000000000000004251Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\nfs.xml2021-05-13 15:31:14.615 11241100x80000000000000004250Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.615{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\netflow.xml2021-05-13 15:31:14.615 11241100x80000000000000004249Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.614{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\mysql.xml2021-05-13 15:31:14.614 11241100x80000000000000004248Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.614{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\mount.xml2021-05-13 15:31:14.614 11241100x80000000000000004247Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.614{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\messaging.xml2021-05-13 15:31:14.614 11241100x80000000000000004246Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.614{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\mapi.xml2021-05-13 15:31:14.613 11241100x80000000000000004245Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.613{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\ldap.xml2021-05-13 15:31:14.613 11241100x80000000000000004244Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.613{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\irc.xml2021-05-13 15:31:14.613 11241100x80000000000000004243Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.613{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\ip.xml2021-05-13 15:31:14.613 11241100x80000000000000004242Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.612{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\imap.xml2021-05-13 15:31:14.612 11241100x80000000000000004241Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.612{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\igmp.xml2021-05-13 15:31:14.612 11241100x80000000000000004240Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.612{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\icmp.xml2021-05-13 15:31:14.612 11241100x80000000000000004239Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.611{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\http.xml2021-05-13 15:31:14.611 11241100x80000000000000004238Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.611{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\google.xml2021-05-13 15:31:14.611 11241100x80000000000000004237Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.611{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\ftp.xml2021-05-13 15:31:14.611 11241100x80000000000000004236Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.610{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\flow.xml2021-05-13 15:31:14.610 11241100x80000000000000004235Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.610{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\email.xml2021-05-13 15:31:14.610 11241100x80000000000000004234Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.610{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\dns.xml2021-05-13 15:31:14.610 11241100x80000000000000004233Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.609{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\diameter.xml2021-05-13 15:31:14.609 11241100x80000000000000004232Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.609{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\dhcp.xml2021-05-13 15:31:14.609 11241100x80000000000000004231Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.609{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\database.xml2021-05-13 15:31:14.608 11241100x80000000000000004230Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.608{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\atom.xml2021-05-13 15:31:14.608 11241100x80000000000000004229Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.608{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\arp.xml2021-05-13 15:31:14.608 11241100x80000000000000004228Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.607{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\amqp.xml2021-05-13 15:31:14.607 11241100x80000000000000004227Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.607{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies\aggregate.xml2021-05-13 15:31:14.607 11241100x80000000000000004226Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.607{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\vocabularies2021-05-13 15:31:14.607 11241100x80000000000000004225Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.607{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\streamfwdlog.conf2021-05-13 15:31:14.606 11241100x80000000000000004224Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.606{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\streamfwd.conf2021-05-13 15:31:14.606 11241100x80000000000000004223Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.606{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\server.conf2021-05-13 15:31:14.606 11241100x80000000000000004222Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.606{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\sample2.stream2021-05-13 15:31:14.605 11241100x80000000000000004221Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.605{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\outputs.conf2021-05-13 15:31:14.605 11241100x80000000000000004220Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.604{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\inputs.conf2021-05-13 15:31:14.604 11241100x80000000000000004219Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.604{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default\app.conf2021-05-13 15:31:14.604 11241100x80000000000000004218Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.604{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\default2021-05-13 15:31:14.604 11241100x80000000000000004217Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\darwin_x86_64\bin\streamfwd2021-05-13 15:31:14.478 11241100x80000000000000004216Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\darwin_x86_64\bin2021-05-13 15:31:14.478 11241100x80000000000000004215Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\darwin_x86_642021-05-13 15:31:14.478 11241100x80000000000000004214Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_UDP_Raw2021-05-13 15:31:14.478 11241100x80000000000000004213Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_TNS_Raw2021-05-13 15:31:14.478 11241100x80000000000000004212Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_TDS_Raw2021-05-13 15:31:14.478 11241100x80000000000000004211Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_TCP_Raw2021-05-13 15:31:14.478 11241100x80000000000000004210Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_POSTGRESQL_Raw2021-05-13 15:31:14.478 11241100x80000000000000004209Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_MYSQL_Raw2021-05-13 15:31:14.478 11241100x80000000000000004208Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_IP_Raw2021-05-13 15:31:14.478 11241100x80000000000000004207Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_ICMP_Raw2021-05-13 15:31:14.478 11241100x80000000000000004206Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_HTTP_Raw2021-05-13 15:31:14.478 11241100x80000000000000004205Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_DNS_Raw2021-05-13 15:31:14.478 11241100x80000000000000004204Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams\ITSI_DHCP_Raw2021-05-13 15:31:14.478 11241100x80000000000000004203Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi\streams2021-05-13 15:31:14.478 11241100x80000000000000004202Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\itsi2021-05-13 15:31:14.478 11241100x80000000000000004201Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_XMPP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004200Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_UDP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004199Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_TNS_RAW2021-05-13 15:31:14.478 11241100x80000000000000004198Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_TDS_RAW2021-05-13 15:31:14.478 11241100x80000000000000004197Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_TCP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004196Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_SMTP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004195Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_POSTGRES_RAW2021-05-13 15:31:14.478 11241100x80000000000000004194Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_POP3_RAW2021-05-13 15:31:14.478 11241100x80000000000000004193Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_MYSQL_RAW2021-05-13 15:31:14.478 11241100x80000000000000004192Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_MAPI_RAW2021-05-13 15:31:14.478 11241100x80000000000000004191Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_IP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004190Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_ICMP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004189Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_HTTP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004188Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_FTP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004187Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_DNS_RAW2021-05-13 15:31:14.478 11241100x80000000000000004186Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams\ES_DHCP_RAW2021-05-13 15:31:14.478 11241100x80000000000000004185Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es\streams2021-05-13 15:31:14.478 11241100x80000000000000004184Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs\es2021-05-13 15:31:14.478 11241100x80000000000000004183Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\configs2021-05-13 15:31:14.478 11241100x80000000000000004182Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\README.txt2021-05-13 15:31:14.478 11241100x80000000000000004181Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\README\streamfwd.conf.spec2021-05-13 15:31:14.478 11241100x80000000000000004180Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\README\inputs.conf.spec2021-05-13 15:31:14.478 11241100x80000000000000004179Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\README2021-05-13 15:31:14.478 11241100x80000000000000004178Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\LICENSE.txt2021-05-13 15:31:14.478 11241100x80000000000000004177Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.478{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream2021-05-13 15:31:14.478 354300x80000000000000004176Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:13.023{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59430-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004175Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:13.023{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59430-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004174Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.353{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004173Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.353{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004172Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.353{C7A9AC19-44FE-609D-0B00-00000000B901}632856C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x80000000000000004171Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.353{C7A9AC19-44FE-609D-0B00-00000000B901}632688C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x80000000000000004170Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.016{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59429-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004169Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.016{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local59429-truefe80:0:0:0:df6:9131:aed7:eda5win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004168Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.014{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59428-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004167Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:12.014{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59428-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004467Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.995{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004466Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.995{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004465Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.995{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004464Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.995{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004463Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.995{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004462Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.995{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4643-609D-1803-00000000B901}2348C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000004461Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.995{C7A9AC19-4643-609D-1103-00000000B901}31684284C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{C7A9AC19-4643-609D-1803-00000000B901}2348C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+6665|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+14ab4|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+d8a0|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000004460Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.997{C7A9AC19-4643-609D-1803-00000000B901}2348C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list kvstore --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C7A9AC19-44FE-609D-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-4643-609D-1103-00000000B901}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=3676 10341000x80000000000000004459Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.964{C7A9AC19-4643-609D-1703-00000000B901}40321956C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004458Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4561-609D-CD01-00000000B901}36443400C:\Windows\system32\conhost.exe{C7A9AC19-4643-609D-1703-00000000B901}4032C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004457Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004456Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004455Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004454Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004453Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004452Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004451Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004450Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004449Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-4643-609D-1703-00000000B901}4032C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000004448Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004447Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.745{C7A9AC19-4643-609D-1603-00000000B901}21844176C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{C7A9AC19-4643-609D-1703-00000000B901}4032C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000004446Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.748{C7A9AC19-4643-609D-1703-00000000B901}4032C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C7A9AC19-44FE-609D-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{C7A9AC19-4643-609D-1603-00000000B901}2184C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool server list general --no-log 10341000x80000000000000004445Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4561-609D-CD01-00000000B901}36443400C:\Windows\system32\conhost.exe{C7A9AC19-4643-609D-1603-00000000B901}2184C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004444Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004443Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004442Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004441Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004440Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004439Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004438Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004437Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004436Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004435Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-44F5-609D-0500-00000000B901}412484C:\Windows\system32\csrss.exe{C7A9AC19-4643-609D-1603-00000000B901}2184C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000004434Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4643-609D-1503-00000000B901}36242892C:\Windows\system32\cmd.exe{C7A9AC19-4643-609D-1603-00000000B901}2184C:\Program Files\SplunkUniversalForwarder\bin\btool.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+f916|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000004433Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.742{C7A9AC19-4643-609D-1603-00000000B901}2184C:\Program Files\SplunkUniversalForwarder\bin\btool.exe8.0.2btoolsplunk ApplicationSplunk Inc.btool.exebtool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C7A9AC19-44FE-609D-E703-000000000000}0x3e70SystemMD5=BC53EBF68CFA6E8A254D89ABEC89A65D,SHA256=97024B4A7182D9C253B1AC4E56A1C8F3BC8808B79E6D022EF27B95003622F0A4,IMPHASH=572E0CF4672412FA940B0E1835926B3B{C7A9AC19-4643-609D-1503-00000000B901}3624C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c btool server list general --no-log 10341000x80000000000000004432Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4561-609D-CD01-00000000B901}36443400C:\Windows\system32\conhost.exe{C7A9AC19-4643-609D-1503-00000000B901}3624C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004431Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004430Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004429Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004428Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004427Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004426Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004425Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004424Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004423Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004422Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-44F5-609D-0500-00000000B901}412532C:\Windows\system32\csrss.exe{C7A9AC19-4643-609D-1503-00000000B901}3624C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000004421Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.729{C7A9AC19-4643-609D-1103-00000000B901}31684284C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE{C7A9AC19-4643-609D-1503-00000000B901}3624C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\ucrtbase.dll+9ea4a|C:\Windows\System32\ucrtbase.dll+9e42e|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+43bc6|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+6665|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+14738|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+d8a0|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+1adfc|C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE+4cf68|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000004420Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.737{C7A9AC19-4643-609D-1503-00000000B901}3624C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c btool server list general --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C7A9AC19-44FE-609D-E703-000000000000}0x3e70SystemMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{C7A9AC19-4643-609D-1103-00000000B901}3168C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"C:\Program Files\SplunkUniversalForwarder\bin\Splunk.EXE" restart --waitonpid=3676 10341000x80000000000000004419Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.698{C7A9AC19-4643-609D-1403-00000000B901}34324904C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE{C7A9AC19-4561-609D-C901-00000000B901}3676C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e675|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+116e1a6|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f344c|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+f2a91|C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE+19fdb50|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x80000000000000004418Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.045{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59436-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004417Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.045{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59436-truefe80:0:0:0:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004416Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.042{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-960.attackrange.local59435-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004415Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.042{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-960.attackrange.local59435-false10.0.1.14win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004414Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.039{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59434-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 354300x80000000000000004413Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:14.039{C7A9AC19-44F4-609D-0100-00000000B901}4SystemNT AUTHORITY\SYSTEMtcptruetrue2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local59434-true2001:0:2851:782c:20d8:200d:f5ff:fef1win-dc-960.attackrange.local445microsoft-ds 10341000x80000000000000004412Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4561-609D-CD01-00000000B901}36443400C:\Windows\system32\conhost.exe{C7A9AC19-4643-609D-1403-00000000B901}3432C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004411Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004410Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004409Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004408Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004407Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004406Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004405Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004404Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004403Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4500-609D-0C00-00000000B901}860376C:\Windows\system32\svchost.exe{C7A9AC19-4582-609D-A502-00000000B901}3292C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x80000000000000004402Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-44F5-609D-0500-00000000B901}412428C:\Windows\system32\csrss.exe{C7A9AC19-4643-609D-1403-00000000B901}3432C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x80000000000000004401Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.444{C7A9AC19-4643-609D-1303-00000000B901}21803424C:\Program Files\SplunkUniversalForwarder\bin\btool.exe{C7A9AC19-4643-609D-1403-00000000B901}3432C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+239c|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2568|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+2926|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+11cf|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+1245|C:\Program Files\SplunkUniversalForwarder\bin\btool.exe+aa24|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x80000000000000004400Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.119{C7A9AC19-4643-609D-1403-00000000B901}3432C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe8.0.2splunkd servicesplunk ApplicationSplunk Inc.splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\SplunkD.EXE" btool web list settings --no-logC:\Windows\system32\NT AUTHORITY\SYSTEM{C7A9AC19-44FE-609D-E703-000000000000}0x3e70SystemMD5=B6D66AB97239BFB32F1CC9B8BFE1B4E0,SHA256=9D5EC3AA587B29840BE53E8E11B1C3BFE2FA3413DD65459325CBEEAFA66D3975,IMPHASH=CD69F86EE9B3C12390F5C7499BD3A589{C7A9AC19-4643-609D-1303-00000000B901}2180C:\Program Files\SplunkUniversalForwarder\bin\btool.exebtool web list settings --no-log 10341000x80000000000000004399Microsoft-Windows-Sysmon/Operationalwin-dc-960.attackrange.local-2021-05-13 15:31:15.366{C7A9AC19-44FE-609D-0B00-00000000B901}632692C:\Windows\system32\lsass.exe{C7A9AC19-44F4-609D-0100-00000000B901}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\W