10341000x8000000000000000180832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:53:59.992{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:53:59.439{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:53:59.424{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F097DBA737977E2CCA185022133131A9,SHA256=AD918B9E076D0F0725895A968267182C9D04AF900596237F193F783B8F299B86,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:00.454{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:00.439{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59DC1BD6BBB1F1044E8548015B230856,SHA256=A46F0DC9313D3CF328129F34C473424A5EE7C7CEAE3407957546E41D53A6D27C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000180838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.457{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F811ACA4789F4EE91D13FD95F79EB10,SHA256=79D040242C909120A2F1F413044DBB1A1ED46A2193C52C94F6DE3FEE33D8E8AC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.454{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.407{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BECFB4CDF70213664F6977ED6135CA9B,SHA256=58FE1736AFB0F1FC9A09A8F4FD8BB050C8A2ECBAC4E8B24D549FD20EB055EFB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.007{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:02.475{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0C2DC69864F767E4464E8B65599682F,SHA256=25D436F9090937AD872441BFFEFC23F2AC2E667B9ECEE609342D19DA7E97B500,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:02.475{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:02.291{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000180842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:53:59.755{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51382-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000180841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:53:59.755{BD6F876E-5D70-620B-2300-000000003702}2764C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51382-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 10341000x8000000000000000180840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:02.023{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:02.023{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:03.490{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF4257832C68E1EAC86278653AC5A44D,SHA256=C48CACCF56A58B4CD8596F64DB922536BD0D35CAEA01E540C53870E94E876450,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:03.490{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:03.390{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C067BF684E2CE2FFDC878A4ED62E1D5,SHA256=F15E0A27DB7D3AC32BDD75AA33AF5BD14B87C990F1D5C14383FFB8A9419EE94D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000180850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.457{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51245- 354300x8000000000000000180849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.456{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local56464- 354300x8000000000000000180848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:00.555{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51383-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000180847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:00.486{BD6F876E-5D62-620B-0F00-000000003702}356C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse58.69.124.14358.69.124.143.pldt.net61682-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local3389ms-wbt-server 10341000x8000000000000000180846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:03.037{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:04.505{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3B29AE84D0BACFDB71C2D3640FD7D73,SHA256=9F1608421CC836FFF5D4DCF23660BC15F12DB066BE30DED38605348049E30210,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:04.505{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000180856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.488{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local62747- 354300x8000000000000000180855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:01.460{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local62965- 10341000x8000000000000000180854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:04.052{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000180863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:05.973{BD6F876E-75E2-620B-8E03-000000003702}2792C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\SiteSecurityServiceState.txt2022-02-15 09:49:05.705 23542300x8000000000000000180862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:05.973{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\SiteSecurityServiceState.txtMD5=1882A5DAAF54528FE1D22D09A05F38EA,SHA256=90B99A9D017C25CAD83F0EB9F0B902EBFD3770C6539D62E2600914515FA752F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000180861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:05.505{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B173935131302404133A2DA9CF09498,SHA256=B514990FF2C3D3A8B6B549A5CE5F8E2FAF578AA3258A63A11D251FFBBBEB904A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:05.505{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:05.053{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:06.520{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F75B298CFA85B377E8CF5A0575543C8,SHA256=C0C20D8D1B03426F55A92703C5867057EAA7124CA445E6B14371D0E4CE275172,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:06.520{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:06.073{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.520{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=537218115FA928339971D206644E043B,SHA256=F7C5081EBB7573C85DB84AB59E2257C3F41CFAD04F4BDBD367892D8A2834AEE7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.520{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.305{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.089{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\24346MD5=81940AA0788732E56329DCA75FED8467,SHA256=E02179A5EA5CE0AD361A4816D6BAC67B1DFD1658ECD1E5B1DB01C2FFDF64E19C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.074{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.036{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:08.535{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0176E6FEB8F541959A97975239B9E50C,SHA256=60E779E60BDFBA4E6D511FEDA5293E596AF5014710BC6EB27C02572A87D56946,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:08.535{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:08.088{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:09.571{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79D1ADAB2F39A610D1013613D3AE9BAC,SHA256=578E73FBD835AE646BBEBDA175F7B54BBD9AAA295B6A5D4BF4E6FD547738E02F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:09.550{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000180877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:06.431{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51384-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000180876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:09.099{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:10.586{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26E7248465C7EB75FD82C5D62FF69C68,SHA256=E9D887C79F37B83DA16DD1A35DBB027B50F97C435C97690198BF55F1508CA10E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:10.570{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:10.102{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:11.601{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC1D15B4BE938BD297C30191A7333647,SHA256=CCF984B00EEE69B4496A3FB8EC3855AA0E8260C17F4212ACB7E39828FA19701A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:11.585{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:11.117{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AF7B8590D7E1FF38BF43FC1FCC370B5,SHA256=012EB2430525C7E54ADF41328A057FEF7A303B0B51B30E134EF8B2E4BEE0FFFF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000180892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000180891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.616{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000180890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.599{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.315{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.200{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\19229MD5=D75BD0BF34AE949CEBE403C02DFC4C43,SHA256=5D003925CB7F4AC6AE6792B13035584C50180BC7F9B3EEE585551CC081F577C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.131{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.047{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000180916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000180914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.801{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000180913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.616{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B321953EB42AF0663C9F0B1B951BC1C,SHA256=B9EC7959BC96E2C33E321114522D47D75FAA92F3CDBE63F87FA194BD0C7D3D74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000180912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.616{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E137D976D454EB41293498AB70FD73B8,SHA256=E67E915441686E05AEC0C9F2E413BC252B4206DE0AA83BF8EB5E2E08E8029780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000180911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.616{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D32FD728D97CAF18BC6583509B017E10,SHA256=A7334AB5D25EABC1A0059FFF45F1AC724C7666E3199467302742BF20C4776E65,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.600{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.331{BD6F876E-9465-620B-D30F-000000003702}83885760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.146{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000180901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000180900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.116{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000180926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.808{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E137D976D454EB41293498AB70FD73B8,SHA256=E67E915441686E05AEC0C9F2E413BC252B4206DE0AA83BF8EB5E2E08E8029780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000180925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.623{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=937F5DAA0FC0A1626C4D8D57FCC0DB1F,SHA256=6F3CF7BCC198469D9E2DD9FBFDA52FC7D44809A2FAEE2D1758CB6C35D600AB0D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.608{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.162{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.133{BD6F876E-9465-620B-D40F-000000003702}83568812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:15.660{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3076885D2E191647931D552E74F9CDDE,SHA256=7BADF6A693B2383F354AA71554A749906782C5658EF7BE4A6F8CF8BA27F625A5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:15.607{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000180928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.478{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51385-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000180927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:15.176{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:16.676{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FFE719F6726585D42E2B91F1E79B515,SHA256=B8999D29BBA7E5E64C14606351C8C66C608850810C69FAEE497FEC4478C911EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:16.623{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:16.191{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.890{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6EC79E3910901170884C73FE09E00F5,SHA256=46E963AF96F675A0C69FDFC3FC1D03702B2E463D0D3797564920C98BBAE17C6B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.637{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.322{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.206{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.060{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.041{BD6F876E-5D62-620B-0D00-000000003702}9049096C:\Windows\system32\svchost.exe{BD6F876E-5D62-620B-1600-000000003702}1300C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.905{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFD10E37F9DB4575854160A73CF8F211,SHA256=EDFE3BCD560541768B71FE4290AECFA5416418D8433F61EF702F2B11CF1F260A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.638{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.274{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=40D81D9E519E9B4337E1273D02DEA199,SHA256=4B0CAC2724BB105F61E6D7FDC698428DC3997069530EE2BAEA6B464ACFAA736F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000180980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.274{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.221{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:19.921{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E5E35353B0F8567AA867261A977055F,SHA256=7F0E5B19DEE8EF59C24113190C03674E21560FF68C38E65069D4FA7B083589A9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:19.639{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:19.236{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:20.958{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44EA45BE29A66A9EE2440F2B82A0DA6A,SHA256=27C8ABEDB6C020A9270FB80F62675D2D32FA48D370F3D2B7B384B8D48532D881,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000180988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:20.658{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:20.258{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.989{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC46F1E86BD3C6A37E7B31D4A8510CBA,SHA256=F2452ADA864A9569EB74184908FDDEBD05A80D095BB5A27D9C2209EEED690973,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000180993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:54:21.857{BD6F876E-5D62-620B-1100-000000003702}476C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d82262-0xc53b8445) 10341000x8000000000000000180992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.673{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000180991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.436{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51386-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000180990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.273{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.673{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.336{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.289{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000180995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.073{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:23.688{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.738{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50205- 354300x8000000000000000181003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.737{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53050- 354300x8000000000000000181002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.701{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53520- 354300x8000000000000000181001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.700{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54835- 10341000x8000000000000000181000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:23.304{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000180999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:23.004{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75F888254AE8DCCE2945300179C6660B,SHA256=FCE8FB63318D3C4A482C8AC630754FC1D11201AE4364BAA261374F032AE423B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:24.688{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:24.319{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:24.019{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5533E40EC1F2777B919C2909AAB881EE,SHA256=D1A4AE1756C346E5A88189E70010B049AECDD7545D63F5124D9D9D67C301A8D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:25.703{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:25.335{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:25.019{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF617062E04E89E635C854192839599D,SHA256=9C3A461960C1C13576967ACE8836E769408116FB7EB553A4F41FE7222B1657B2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:26.703{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:23.598{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51387-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:26.335{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:26.019{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E519B55E572EAB1C8D4C0D662E5E83F,SHA256=F36C492CD1114DC84AE425987DD48891313EB135AC63ED57529E85E20D424826,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:27.718{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:27.356{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:27.356{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:27.335{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\26502MD5=5BD23A0AAF9373D7B65D49086EB2C4F0,SHA256=B5837C80EC4753FF55C9B3F1130DAD36FAB4F41B1EAEFD56D4FE3BC303F697BE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:27.087{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:27.038{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9329C579C5EFA3844A274B1C805C6537,SHA256=D001A9DAF2CC0D387EBB5DCAC9DBE1F0E31C0EB0BBF26349B5CE8F880AE7A8C6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:28.733{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:28.371{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:28.055{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=681681C5B7A0D35C3FD7E0A612C3EC2E,SHA256=C838EAE2A86CB6B047C524989BC4F1BEC34A596F33ABDF6CA27A0DC17237FC58,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:29.754{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:29.386{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:29.070{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=000B623563C3F2ACD4B4DCCAAE6DABCA,SHA256=16C02B8B89667B8C4853E134318A9E0522EC42F8C845D6DBC264CDE825ED921A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:30.769{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:30.401{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:30.085{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B93EDC46F67BC8468567D6BE2D72739,SHA256=1671EF97951623460C8EE0B45081DBF51ACD7A116C118997509ACFE298109EC4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:31.784{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:29.548{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51388-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:31.416{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:31.100{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C607B153A46E1915DBC1DCF7201174C,SHA256=8458746242B9A77BE0EA8384771584E5BB2054959B6F63CF16F2C7F7191A8DF1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:32.785{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:32.468{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\14629MD5=59A9EDB44BC083D09A5FCF7AC0BE38F0,SHA256=ACEE5AE4F05DF9A4271B28C892234052F28BEA4AC7447A04C06842E6CB8AACE7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:32.431{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:32.368{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:32.137{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD52097B1D2CFD7E3B78057139E647FE,SHA256=752CBB12B5A9761BF630BC36CEDA4CF76848512A4BD2718ADCE2ACD66D46C07A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:32.100{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:33.800{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:31.867{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local63425- 354300x8000000000000000181044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:31.848{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54147- 10341000x8000000000000000181043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:33.453{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:33.253{BD6F876E-5D62-620B-1000-000000003702}400NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=34F52A8CDC2EC8BA56EDB24E2D48B181,SHA256=FD74A6D14D1F9481DF03F06D252DA3ED17EFD992770EBFE9A397A1F7F5731BF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:33.153{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB806D4F1BF759B2A6727E6C3066D166,SHA256=C6B75392243E0A3CD11B003C14DD17A0360342EBF376C53DDC8B06F73580F0E1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:34.800{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 22542200x8000000000000000181049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:32.469{BD6F876E-75E2-620B-8E03-000000003702}2792e13630.dscb.akamaiedge.net02a02:26f0:1700:1aa::353e;2a02:26f0:1700:195::353e;2a02:26f0:1700:1b0::353e;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000181048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:34.453{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:34.168{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6920FF3CCDC026FCCF439AD93C734627,SHA256=92F3D83AE08D5DDB952B57A7DDB0C4CEAA86C697113EF644D4F022F86733695A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.918{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\respondent-20220215075946-228MD5=7025492FB1EC8C8269D41863CFF34962,SHA256=B1F3EABB43E02B60652A4A1B84340FC0A4954EF456DB30059A9A5966425DEB16,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.815{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.468{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.168{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C394EA6C383E6091FF6385CE4ED5FF44,SHA256=8A769E323DBCF9617C20C5251FAC65E55C42FAD7D1E382040A631E452931564F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.931{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\surveyor-20220215075944-229MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.830{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.483{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.183{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EBD3AC8C7A4C262FB289ED97116BE27,SHA256=0DC2047DF9682F8A29CD938B1463FC168F9D7C85C9CBB6E8E4CA4714081258DF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.546{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51389-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.830{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.488{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.383{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.199{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=171E6172AF226CB60C7DAC45F2F72B64,SHA256=0EE5505A6EB6C00C3F3D94B91B8BDECAB951FD2ADD310A0A6547444F92834CCE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.114{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:38.830{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:38.499{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:38.214{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAB83936268E8E61213774264F0C2BF4,SHA256=F9D7144974B47F95D9FEF89AC6BBAC563814E91E1931012B70DD0E404FB6EA94,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:39.829{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:39.513{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:39.251{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB7CDC8E57C54D0E7DFE254D312A6C03,SHA256=74683A556DC4BF22F8FFBE4359D33960F9F2305392EDAF867CA367D5389EBC31,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:40.849{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:40.528{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:40.281{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7C529E813D94A91C7B5114F439DE47B,SHA256=492D686CAC22D71BC27DEB276688D308F874F4B63A2BE8A072FDAAF7EC338E18,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:41.863{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:41.548{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:41.311{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C910D7583DFEAC98305A255704258AD,SHA256=F897F3ACF9649E2B2533026D5CEA6C417C7C80F7FD6AA53030CD0B896BEE6AE0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:42.879{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:42.563{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:42.395{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:42.330{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4EE8F7A00B727D8F105579DBE7761B9,SHA256=C6D0957482D73C93F602E12F5AE706350A162819B5FB046F717C76C8E44BCC3E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:42.126{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:43.894{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:41.526{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51390-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:43.578{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:43.347{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=922B57D4CCC2DEC934FC2DEAB56B5002,SHA256=813566FD60910C058F429BCF840AC69CD84431C276FB60C6B142A5C68B23E85B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:44.909{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:44.593{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:44.347{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=387324BE73FA0F9195614B33EA4DB056,SHA256=FAE8B011820FCD1C5B532E428C207F62B67E192FAF50B5A8A12CB2B4712A6135,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:45.924{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:45.608{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:45.377{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A94D435F69E2E033385D98A71899B769,SHA256=E5A6E33B2830FAEAA3B87D3C33E930124BE9A947FDEE53B7AA35DE469309C2BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:46.945{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:46.623{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:46.408{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D432E0EFF1D086C2C0C2DA8AADFA5130,SHA256=0BADD04930FD954B411CEBE8DFD0BA546B949FB02DC29965A20459AE56175C8C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.959{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.644{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.560{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\2757MD5=48ED27A2A7E9BD09CC2974CF4E68E536,SHA256=68A173C96AC1B4B08C709B768FFE0841581BFA090862F2CFC6E80DE4B6CE2521,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.428{BD6F876E-5D70-620B-2B00-000000003702}2972NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=5EFB71941B65BFE05A751CD111932B40,SHA256=6E184D6D7F6FC2ADF175024AF93B2E137C05DBDE01B1E30F412273C3585EB82F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.426{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=547ECBDC38D6A89D9E49418C114376A0,SHA256=E787D543423C09CA50A523BD377925CAFD6315693BD67D12EA17284A9A7053C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.407{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.144{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:48.974{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:48.659{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:48.459{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46FA79735299C01053F065A760246F10,SHA256=3F5EC4F79ABA2EA90978C064B1A221D3F33BBE07E13E98CE86ABAB545FC02172,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:49.989{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:49.673{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:49.473{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1AE2308CB4E060B9C91EC386F047A1A,SHA256=9AF3918112BEA98953FA9BED4E35C0834218B0D9D1718480C3DC0CC1C7A5BFD1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:46.785{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51391-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x8000000000000000181112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:50.991{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:50.676{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:50.489{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71F8ACD67068417EE27CAB16F14B1B96,SHA256=AC6AE40188A1CDA6BBB0134750B3AF9D5A317E70DEC9741C1427125F7C942794,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:47.485{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51392-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:51.690{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:51.490{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=242448FB54EF0CD4770655D12FC7F60B,SHA256=45D2007B7587B7AC6B232C54584AA6FAE3C0DCCCB4B80E8A644649A6247F6EE1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.704{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.658{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\17458MD5=AF8D6378FEC5B4CE2F384149A7AF1932,SHA256=8C8187637D85590872AE4F141ACF50F212A8AA35E51B7E4F8555E4CB89311A99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.524{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A6F7D9825982DFE9DE5965FB786AEED,SHA256=4FC152BD6724D79A4BE926D632293BC18773ADDBF317747308318E0DD043B362,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.420{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.158{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.005{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:53.719{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:53.557{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE0CA227E7AF1070AD4DBB5A92F97368,SHA256=D3DA6482573425D4BF9350BF718B5E2A6930594F736DDA1097C0852DB3A991FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:53.004{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:54.740{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:54.587{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=251F70FB11523447477FEF28E417AA2B,SHA256=67DCCB6EEC570E2C7535689534A4CC4ED85CE6F5371722736C16BAB9041CAF3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.069{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local65139- 354300x8000000000000000181128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.068{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51949- 354300x8000000000000000181127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.039{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local49291- 354300x8000000000000000181126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.038{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53514- 354300x8000000000000000181125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.037{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local64573- 10341000x8000000000000000181124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:54.019{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.857{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.740{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.587{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50C8F33B4B3C52CA22EB26204B7E4651,SHA256=7814AFDA46A773CD0D8D7551FCBAC190745EF08061A41700FDDCF3D16D91D17F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.620{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51393-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-948F-620B-D50F-000000003702}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-948F-620B-D50F-000000003702}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-948F-620B-D50F-000000003702}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.203{BD6F876E-948F-620B-D50F-000000003702}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.020{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.756{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.724{BD6F876E-9490-620B-D70F-000000003702}26766512C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.602{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED357E37EEFFB1BD7B7B2D044DCBAA2D,SHA256=1364AB492836476B15A931D311A16C834BABCAC3DDB656F24C21495244CA3191,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.540{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9490-620B-D70F-000000003702}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.540{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.540{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.540{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.540{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.540{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9490-620B-D70F-000000003702}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.540{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9490-620B-D70F-000000003702}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.541{BD6F876E-9490-620B-D70F-000000003702}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.203{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BBC9B74B4006EBE05E75BF4567737E95,SHA256=4D3C7D1DDFCD846619F0603793AFC26E0C1FDEB0E9FE8C61D36D438A09E8FC3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.203{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B49E58B432567BE40977FDE93065F5D6,SHA256=1953A678F4ABB009DE088DB200431E4C5814BC12DF951F138BD5900B924257A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:56.040{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.771{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.624{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45FBBE50A2735FDA32478874FB758F94,SHA256=4803612C71E84579630B17AF528A21C68A2664B8484BE73CEAFCBD493002CDA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.571{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BBC9B74B4006EBE05E75BF4567737E95,SHA256=4D3C7D1DDFCD846619F0603793AFC26E0C1FDEB0E9FE8C61D36D438A09E8FC3F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.440{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.402{BD6F876E-9491-620B-D80F-000000003702}925524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.223{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9491-620B-D80F-000000003702}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.222{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.222{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.221{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.221{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.221{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9491-620B-D80F-000000003702}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.221{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9491-620B-D80F-000000003702}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.218{BD6F876E-9491-620B-D80F-000000003702}92C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.171{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:57.040{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:58.786{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:58.639{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADC1512C179A662DDB7800EA8B4C3050,SHA256=AC6761F8614ECBD123E602C8C1C072FAA31FBF198025002A51BAE322E53A3CA0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:58.055{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:59.800{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:59.654{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4B5A28FB9FE1248864317EECA25912C,SHA256=F73D57AB9FF4DA7845511C521E70A130D78648E3FEE19C23C5232DAFD8B4DA3E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:59.070{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:00.815{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:00.684{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=029B63856EC1C4394EC09BE3C923BDDF,SHA256=90BC234793A58FBD16CB10C378DFBC1742EF4879A64A583FE31FCA80324A5B84,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:58.398{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51394-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:00.084{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.836{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.698{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=162E505CC739BA369FBF81E8B6931A21,SHA256=B955568961CE1CDF1838D37218F25F01DA4BCA01423B53AFDD992E12EF87A690,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.399{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0B15F5FC6F5265FABD57AABB2BDB871,SHA256=C2FF4B5EBB24D526015D9BD31970F30DF6466A639C5E59FA5267A44C497FE788,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.099{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.850{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.719{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A160E01AE8DD5BA804C5D1A13835AEA1,SHA256=78D7899831449AA8C308C482E8325A55F985AB4F648094141536CC652FD6EEBC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.451{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:59.762{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51395-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000181197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:59.762{BD6F876E-5D70-620B-2300-000000003702}2764C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51395-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 10341000x8000000000000000181196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.182{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.113{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:03.865{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:03.734{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CCD40E7EA9E892583A95C86B9CE0A3A,SHA256=835B9BFC4AAD5CC7AD6159B40D4B7B2B623915BA71D8BBA202DE8D529E0FB40E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:03.134{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.880{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.765{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AC5148EEEF2A2F7A07DD9768539C4B2,SHA256=1FBA06A44C6311995BF17A776C62C79A21FDE26EA1A4501AC54D992738E8F781,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.182{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55135- 10341000x8000000000000000181205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.149{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:05.895{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:05.780{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3DE02283F52398BB2938C5BFDFBD2D3,SHA256=B54B5FC56ED3143AFF12A6437A35042D8003E6CADA91D77A56EFAD6C3A907717,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:05.149{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:06.910{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:06.794{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDFCD572F0D54C77FB609CADDE3C9F74,SHA256=F2CED8B5C1E1FBC7D5DB99AFCEC7EFC18F1C1B718AF04FD89871A0BA4E981ADD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.427{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51396-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:06.163{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.930{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.830{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB81090E93E7A528EC991755E7DAADE9,SHA256=BE4B26DB4540FC8139E903E354B4F116875002D00BAA935E7F1D485D0CAB80F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.814{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\24505MD5=52EC91D49BAABA8BDEEE21963A2FEE47,SHA256=E0FDB9D3AAF89A0B3DDC4F0FBB9E669646D64DA3F9E28FD90F17F2BC39A7944F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.462{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.194{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.178{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:08.946{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:08.845{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=030B4F22BB2FCA1B93E691413BB74EC1,SHA256=2148CEAD6DDBBE0EF5426FD4CE75F131D827A222EF8AACBE40DBD0584E5FBA7D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:08.193{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.961{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.861{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE128A3CC7133C30A28A042186571D30,SHA256=7F62CEE6CB4BAC204485A8D689875A08D49E605D4569FE7EEDE1694EB40279B1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.208{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:10.977{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:10.877{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EE6CE2633A5942BFCE3382F57160B78,SHA256=150828CF29F11070DA6A50CB48581ECC446BAA4778DA43CF663B10123E6BBB99,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:10.209{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:11.992{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:11.891{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61813292381E99386F18AACDDDA1EECE,SHA256=D810416A68CC99B9CE342E25F96EE0AA315BF411242F7B0AC61863DB3BCEBEB0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.571{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51397-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:11.229{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.912{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\32675MD5=C3F7CD7370C7D129478F3B96A013756A,SHA256=E5108745F81AF457EAF1FBDB4415216D73B7141C71F1AF76CBFD10A9C1D214B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.912{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E68A69FCD2CB67BA63C1A8912A25BE0,SHA256=FADDEC58BBCD2D83156C646F153202E400BD4A57A30311DC09FF16ABBB22C16F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.629{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.475{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.244{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.206{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94A1-620B-DB0F-000000003702}7780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-94A1-620B-DB0F-000000003702}7780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94A1-620B-DB0F-000000003702}7780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.976{BD6F876E-94A1-620B-DB0F-000000003702}7780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.943{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80CB7A9A5755D347E5AD585EA117146C,SHA256=6F5BED2F7EE5309DE17FEAEF26655967733075CC0371FB81D2B7E17EF2C58638,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.628{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F06C7FC2F8FB28798C2AC16D1B727F6C,SHA256=648D95ED20EA9B7B3537A3306BC847A95B49A0FE0398008D6A8AD2EDC0F8CDF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.628{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=997504C1FAFFEDAC3A5DC979297C4183,SHA256=42A54678B726410EE0808B08C61A53F4BC3EBE2BBCD7D037976B8C66864C2032,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.512{BD6F876E-94A1-620B-DA0F-000000003702}82888872C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.312{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94A1-620B-DA0F-000000003702}8288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.310{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.310{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.310{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.309{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.309{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-94A1-620B-DA0F-000000003702}8288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.309{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94A1-620B-DA0F-000000003702}8288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.307{BD6F876E-94A1-620B-DA0F-000000003702}8288C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.259{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.005{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:14.990{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F06C7FC2F8FB28798C2AC16D1B727F6C,SHA256=648D95ED20EA9B7B3537A3306BC847A95B49A0FE0398008D6A8AD2EDC0F8CDF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:14.943{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EB621739CD74C502E63747A28FECF6F,SHA256=06832BB450428A52F81667C14E097DD745C5DDFED98D250B21EC97CC3BA9585B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.323{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local57147- 354300x8000000000000000181273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.286{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local64674- 10341000x8000000000000000181272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:14.259{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:14.175{BD6F876E-94A1-620B-DB0F-000000003702}77806192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:14.006{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:15.958{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=617F77CF5BB7AD5022A7055E24B64564,SHA256=CD46A8F03A58D4E3ACB2B22EEED05BD3239EBFA779A5FF6BEED68F39738BD77B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:15.274{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:15.006{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:16.973{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05E4E8F71A67C200B0BAED5BCC63C942,SHA256=BDB801CDD03C2E205C3BE9F5B0E6A8A83708FB207F8241E8D854BAD1163ED242,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:16.290{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:16.027{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:17.988{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D5D4982B03095EE4421AF992C3216FC,SHA256=ABE8397A09730AF003BBC78F86F2C63CB961D312E1B49DC1B670385D11247F09,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:17.488{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:15.468{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51398-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:17.304{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:17.206{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:17.042{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:18.304{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:18.057{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:19.304{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:19.072{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:19.025{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22F7D84B658473E5AD1F0F7B13BF97F9,SHA256=795BB7FE63D44C007EA3CD0F45BD8B6A8A2C2753E466DFF8E2DD901A2C8E3486,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.305{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.074{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.027{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B0DCED10107AB3ABD9240882453BFF8,SHA256=B0B19F09812628C4854709ED5F091BAD71E62FC13ECF8CF44EC60A196D65890A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:21.306{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:21.088{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:21.041{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16053A30C76186A3AFC25188D3046FEC,SHA256=14DA11DD709756D94BD26938860B1021114B27BBCDDE5BF1209BBD06FCD46277,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.502{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.482{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51399-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.308{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.224{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.103{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.056{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDABBB54CDEB2C502A3AEE26256A2411,SHA256=66C8DB45122E0CAC32ECE0D547E7DC1B40F603A9425AAFD07A88977DC5760B7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:23.323{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:23.123{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:23.086{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DA0B3976F98FD3A5203E14CE0095B4A,SHA256=B6F8F8BD5CB115ED91E774033CE69057B03D3D853D6D5C91F298B3CF77BB6D7C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.402{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54945- 10341000x8000000000000000181311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:24.338{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:24.138{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:24.122{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78493B7D96AABDA4466EF627BF7FFE66,SHA256=2192F09A9FFB413C7A7CF790D88D7046ED504E9DA3AA48E394575EADDD3021FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:25.338{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:25.139{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B66E158F0492DEA1665ECB386B327E3,SHA256=FFA3E64D7ACA32FEB0B05BEABA216FB8DFE32A039595CB7F18E2DAB6712C23D3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:25.139{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.338{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.154{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03481E7D9F2A65E820E548ADA4371E76,SHA256=C064B30E843340ADEE1BC924E36E98987C4E1A9CDAC8F8F6A0BD8E135AFC94B9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.154{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.521{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.353{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.237{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.169{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0140E811AF329670F255DCCDD6E25B59,SHA256=9344ED9562635BB3DC3CDBB059501573BEC7FB49E30018FBD894816F687EDCDE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.169{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000181328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:55:28.898{BD6F876E-5D62-620B-1100-000000003702}476C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d82262-0xed311651) 10341000x8000000000000000181327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.367{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.183{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19116211AB57005A0E2CB6D6189683EB,SHA256=136AF471FFA0FF2917C7520460071A77E8D4F3C5E264294C7C751A70D5D7C819,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.183{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.036{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\26997MD5=221D691A4FE838B910E29E2C2B05027B,SHA256=487AB4D4155E0D9B3EF0DB13247A6B9021207E95B54C914C0347DB28C1EF4724,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.416{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51400-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:29.382{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:29.220{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93DE647D268D0277A3084EFC1597AAE8,SHA256=10E12F95DFAED293364BBBF4A78C95ACC13DB24666F8BFECB17F0CE4E1B999C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:29.198{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.260{BD6F876E-5D62-620B-1100-000000003702}476C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local123ntpfalse40.119.148.38-123ntp 10341000x8000000000000000181335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:30.397{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:30.250{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BFD3ABAD2ADA14DB031FB60C25D683C,SHA256=44E9C662ED692A628DFA0292B8139ACDA64BF4CA00B12E6B5F502A1C01647EC6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:30.219{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:31.418{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:31.265{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A37F833E396B414AE077E9911765212E,SHA256=7B64055BC0605E8CF99EAB5B5F21F46E7DA4B7764CF7A88997731B149BC1D1AC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:31.234{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.533{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.433{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.280{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF0E2AB4D555057278093566C599FF4D,SHA256=ABD4F6F49F34CB151DF8BFE6DCAABA8F72EEF536022269A6DD699007C98076CC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.249{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.249{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.448{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.299{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E15A8491A4AC9EA8C4207FB0354C6BC,SHA256=D2F3E680E076E3915146B9786313E5AEE7D37C1DDC91CD4AE502A78C374B59EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.264{BD6F876E-5D62-620B-1000-000000003702}400NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=0B5F332B6CA413238C13541599BAC859,SHA256=4644FA56842187315EB2109D9AD9168872E79CB03B177D0217CE024759398F68,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.264{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.132{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\2399MD5=657E16676A102D15476F1CBB151FFAB4,SHA256=8752E473F716C23213E42CE2A2175B5C7DB8AE487F301F01FA85BD7F0C1B6DE5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.559{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local62788- 354300x8000000000000000181358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.514{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55185- 354300x8000000000000000181357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.511{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50724- 354300x8000000000000000181356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.426{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51401-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:34.464{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:34.317{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE75DF103EAB367BA460F31A409133ED,SHA256=6CF43BDD5F238DC2E35E601B9E81EA11AC45094CC9B9CF3E2C416C44522A5604,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:34.279{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:34.079{BD6F876E-5D62-620B-0D00-000000003702}9049096C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:34.079{BD6F876E-5D62-620B-0D00-000000003702}9049096C:\Windows\system32\svchost.exe{BD6F876E-75E2-620B-8E03-000000003702}2792C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:34.079{BD6F876E-5D62-620B-0D00-000000003702}9049096C:\Windows\system32\svchost.exe{BD6F876E-75E2-620B-8E03-000000003702}2792C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:35.478{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:35.347{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDF167DC225645882FA6F377452F9DC2,SHA256=885D946DAA603F2CAAF8CFF1B8C31E233D292540D2F275B5FB655DCDBAF0D0C6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:35.294{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:36.493{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:36.377{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2D215CDC96BDE0E0B2EE6C2F8D3459F,SHA256=462A134F6EF1A61162370F47E0912240889FE974821B2030C98EA55243785058,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:36.294{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:37.544{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:37.493{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:37.463{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\respondent-20220215075946-229MD5=7025492FB1EC8C8269D41863CFF34962,SHA256=B1F3EABB43E02B60652A4A1B84340FC0A4954EF456DB30059A9A5966425DEB16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:37.413{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05C1D60F1FE04FC71B801FBA427E5B5D,SHA256=DC65074986B0EFF17C2B6C726D24DD164BFAB7931D35386276FFCF1DEF687B52,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:37.313{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:37.260{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:38.493{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:38.476{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\surveyor-20220215075944-230MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:38.443{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED8033EEE43135A8AE0BBC40F742305E,SHA256=B5D9A7DEBD3A12F3B5A2D735CF768ABBED6DCE9F462C1590DA58052C2EEF28CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:38.328{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:37.288{BD6F876E-5D62-620B-0F00-000000003702}356C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse58.69.124.14358.69.124.143.pldt.net63956-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local3389ms-wbt-server 10341000x8000000000000000181378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:39.511{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:39.474{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1927A16CFB099AFF6E5F355AFCAA9503,SHA256=076FB4E20F3541747870240CFF2E35A28FA87B22712EDBA4EA2C588E91FB79B1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:39.343{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:38.421{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51402-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:40.526{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:40.510{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A68B51AD33C86589EE6375D591B85785,SHA256=952F3F9C6FF5A2A974A2F36E4A59BFC000888C458E42439D425CA5130559341E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:40.373{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:41.526{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:41.511{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB7E3CE1A7053D478BDF73B552460E7F,SHA256=8ADCDA61B178AB9F1C09B4110F58F13546E9DEC6CF7E6577783A31F5FB208C98,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:41.389{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:41.111{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=358536B409EF60FAD2F981CEB2B0D903,SHA256=52347452DD3ABB096F036D65BA3999FA4A2A5A295E7A543F297C69346F9BE625,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:41.111{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=24751F907ABB68170F4A148A806A839B,SHA256=516975AD87F60BAF612DB7F777E9ED91F6884A4A2DE7A0CB7CCA48FB377FB5F9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.558{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.526{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2271B927B09B244FFDD724F6515769D4,SHA256=35503B95CDF7EF292665CFE0E24D1C22F8B35C9BA7A705C3B4C8877C2B81406E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.526{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.390{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.274{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.541{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78CE35D2143DEC0DD92355A39F166F85,SHA256=C4B9EF34192A3328E4A09099049A7E0E972204756222F1A065E1C0D72B871516,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.541{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.410{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.653{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local49721- 354300x8000000000000000181401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.624{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54686- 354300x8000000000000000181400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.620{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local52930- 23542300x8000000000000000181399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:44.573{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04426ABCF3AC04EC722E818B2F5E283D,SHA256=29E5457A155694232129769D76B96E4B2192F5C70E87DD3D3A476C85A01B266A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:44.541{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:44.426{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.467{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51403-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:45.573{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77D20D9EECC5F9DD022A5B79DC59815B,SHA256=319C61A265E4810E9A21673496E3ABE577C5C441B932EDF779AEF9BA820AEEE2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:45.542{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:45.426{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:46.591{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21862748572673AEDB0C241F124B1EAE,SHA256=050E444DDBDBD28D4A0C66700FE7D7208B2DFE657B8392B52CDB705FFB19CF1B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:46.556{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:46.441{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:47.608{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26F5F43A23D964E230570BCE741AD385,SHA256=2226C4FB9B210C53FBB3CA651D228E187926720193E1DDDDAA0F8E15123DB3FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:47.571{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:47.571{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:47.455{BD6F876E-5D70-620B-2B00-000000003702}2972NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=5EFB71941B65BFE05A751CD111932B40,SHA256=6E184D6D7F6FC2ADF175024AF93B2E137C05DBDE01B1E30F412273C3585EB82F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:47.455{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:47.287{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:48.623{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0288DDD4C069FF29B5360333577EB622,SHA256=6CACF5270F5F07A171B5FF4692CD49E80A4E4FC873AAAD69604D46A69A53A1C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:48.585{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:48.470{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:48.255{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\22958MD5=5D58EE7803DB82C0A05B6F4A8BFB8BC1,SHA256=4E5E838A4DBAC3E20B4B395C78197869D60A0BF456BB5CFCCBD00E90D80F7054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:49.637{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C28AE2E755D6CC5A845A2C03B0B3F889,SHA256=3559E1638F61D35963817D56409AB1E706FC3FF5062B60D65502E56D3171F163,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:49.586{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:49.484{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:46.818{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51404-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000181426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:50.667{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=165FA9EA4C0C632074991244D7B59AC7,SHA256=E48080CC97394CC7E61089E23FBDE56CE3383189EC94169AB612C53B5B458582,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:50.605{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:50.505{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:51.686{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=767F8A1229FAC884080810038889A7E5,SHA256=42D4450D3DF87803F1670DE7CC5F75C3111E391D603CF39B68636436F8CBA1F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:51.619{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:51.519{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:51.420{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A7D330617E74053EB59219395A72E0A,SHA256=F1C40B614ED6D09FA99338594880BAB777D3F23ED1A8FA103D2184A4534712B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:51.420{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=358536B409EF60FAD2F981CEB2B0D903,SHA256=52347452DD3ABB096F036D65BA3999FA4A2A5A295E7A543F297C69346F9BE625,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:48.616{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51405-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000181427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:48.565{BD6F876E-5D62-620B-0F00-000000003702}356C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse173.219.103.10173-219-103-10.rmntcmtk02.com.sta.suddenlink.net14562-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local3389ms-wbt-server 23542300x8000000000000000181438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:52.703{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=585A215F4D40024DD3554CC84BC88C53,SHA256=98BB2F3BE62149237986353D7A14E00AD1F09C7D2E3B8B758A17526B08FD5CA2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:52.634{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:52.581{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:52.534{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:52.303{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:53.717{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272FF3B549F12593B2AE9740CA439546,SHA256=2B186E41419E27304826096303FCF27A0FC6DCFCE944D2AF9E2D8FA12A641C87,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:53.648{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:53.548{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:53.364{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\11310MD5=9E353D04D2EAFBAD0289E99900E1F781,SHA256=57BA7374F1B4FC9E88E0BA104460C112D08B0E0640F1D6F6C158D407D7AE8A39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:54.732{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4DBA49EB018CF926DB4A790C7E7F04C,SHA256=780569AB1BDC09CAD6117BA80F58519B2CC9713DF8ED30F5D268AD3E724FC414,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:54.663{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:54.563{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.984{BD6F876E-94CB-620B-DD0F-000000003702}88489172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.763{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94CB-620B-DD0F-000000003702}8848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.763{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.763{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.763{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.763{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.763{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-94CB-620B-DD0F-000000003702}8848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.763{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94CB-620B-DD0F-000000003702}8848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.764{BD6F876E-94CB-620B-DD0F-000000003702}8848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.747{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BE17DCF237FECD99F8043250318B19A,SHA256=36EC2A7DC75164B7ADFF8C7D71AD8A16B6AD590123FE49C02568515D3F89BB54,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.678{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.578{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.085{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94CB-620B-DC0F-000000003702}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.085{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.085{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.085{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.085{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.085{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-94CB-620B-DC0F-000000003702}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.084{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94CB-620B-DC0F-000000003702}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:55.081{BD6F876E-94CB-620B-DC0F-000000003702}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.763{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=564ED12EA59B3FC3FCAFC62FB9225909,SHA256=C1388EAD9AD5A23CB948832915B9EA3218243DE9633BD902E78B6C0B41103510,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.679{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.579{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.432{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94CC-620B-DE0F-000000003702}8000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.432{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.432{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.432{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.432{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.432{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-94CC-620B-DE0F-000000003702}8000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.432{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94CC-620B-DE0F-000000003702}8000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.433{BD6F876E-94CC-620B-DE0F-000000003702}8000C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:56.101{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A7D330617E74053EB59219395A72E0A,SHA256=F1C40B614ED6D09FA99338594880BAB777D3F23ED1A8FA103D2184A4534712B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.764{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=071709F5E512A60A30EE58E5383F0107,SHA256=4861DA910B02E64862950F3591AE6DD5D949A0ACDF7776EC5FD3BE6FBB813CCB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.680{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.601{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.580{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.433{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=981B48A8E668864F7C91D77AE38C7524,SHA256=9575A196CB91591E2FB8A845D0736695B7DBF1C20A3BF9283C9E453839785DCC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.320{BD6F876E-94CD-620B-DF0F-000000003702}67808072C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.304{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:54.410{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51406-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.101{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94CD-620B-DF0F-000000003702}6780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.101{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.101{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.101{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.101{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.101{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-94CD-620B-DF0F-000000003702}6780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.101{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94CD-620B-DF0F-000000003702}6780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:57.102{BD6F876E-94CD-620B-DF0F-000000003702}6780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:58.783{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CE1C105B45B87A542390364185A3761,SHA256=7615AFF7A3B9F1D4169E76C59850F5575C4D4C3CFD3F4AE6E593D52A554A09E1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:58.680{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:58.601{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:59.802{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D3D66DAC675AD280F44491A41FD6E82,SHA256=F459F6B97060EAF951295C22C6696A333B110D88936CFAFEBB53A98D0D8F5BC4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:59.679{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:59.617{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:00.802{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29F9C34B6E0A793B32F6964BF86009C8,SHA256=21ED68061FEEE920BD1AF8FAC08B7D420246EB2A04A34B7FCDAD7D6AB18D6FCD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:00.680{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:00.617{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:01.818{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFF0BDC4107751BDA012AA9EF91777B0,SHA256=79CB733F0AAEF25E06B03C2F6A2E46ED8189ED73B309CB049E13CA28393D66C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:01.680{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:01.633{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:01.417{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDC8791E97EEA67091F1D720290C7FB6,SHA256=C8218536D4D5989D16E34160136378802DE6AD784ED2416854A011636A99126F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.832{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=295B33D35D93C8F9A2FBCB7D0685C79D,SHA256=FFEEFEB4DF65F3902EB4AEEA61D1B26A9C54A0EE00FEA74BEAC124C869E8D13A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.701{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.648{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.601{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.317{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:59.780{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51408-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000181508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:59.780{BD6F876E-5D70-620B-2300-000000003702}2764C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51408-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000181507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:59.458{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51407-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:03.855{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ACCCAF1F8535A77AFD4CD62E80EA014,SHA256=1527909F5B728EAB54D5B36D4C70304FC518A7986E7D3A6D0BCBFF8A474DCBCA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:03.708{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:03.652{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:04.870{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4EF621971A6C183F53323CA1B601FC9,SHA256=991BD4E62BE4EEE68DC8B94E5DC4A2AFAFA3215AF63F547C66E795E6D52C9839,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:04.723{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:04.654{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:05.888{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4803F867D1357EE3CC9C31B9594C3B16,SHA256=610FDC9AE1C8998038715DEFDA679044B8BDEF4875F190EBF156F1B5DC6013B9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:05.737{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:05.669{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.886{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54763- 354300x8000000000000000181522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.885{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local52707- 354300x8000000000000000181521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:02.847{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local63623- 23542300x8000000000000000181529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:06.905{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B6D5F5920E9997DA6350483BC752570,SHA256=C8FF3410DAE88D1D39B1AC986DBA5776BFE727F4CB53ABDDEA9825368BE44702,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:06.752{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:06.683{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.920{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7E0025C4B2ABA0E867100F9760DE793,SHA256=35FCB283B67FB26796C0BBC426B664E637EB58A821C87698F20495EC84FBC71E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.888{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.886{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.886{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.767{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.704{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.605{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.321{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000181534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:56:07.052{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\6FC0DF5C-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_6FC0DF5C-0000-0000-0000-100000000000.XML 13241300x8000000000000000181533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:56:07.037{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\11D75C7F-AE25-4D1E-B52A-87444CED90D8\Config SourceDWORD (0x00000001) 13241300x8000000000000000181532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:56:07.037{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\11D75C7F-AE25-4D1E-B52A-87444CED90D8\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_11D75C7F-AE25-4D1E-B52A-87444CED90D8.XML 10341000x8000000000000000181531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.037{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.037{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.930{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=346405B4CED155D983223FCD102DC8C9,SHA256=4BC5E6DB4427D993DC2B12672E914F203026824A3804C15F176BEAA5726FF365,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.914{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7A15724709FB42FA3E8D657E908096D0,SHA256=B818D42074547B4A09FBFB5B567E10305FC1E55F72592B0B58F2C624F19EA640,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.914{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C2858E20574B3872E3A2DFA23415590,SHA256=6E7EE715A5DF2775799491C033AE5919D2499D1CBB5B28CE19C7852005FAEA99,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.894{BD6F876E-5D61-620B-0B00-000000003702}6244648C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.894{BD6F876E-5D61-620B-0B00-000000003702}6244648C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.776{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.730{BD6F876E-5D61-620B-0B00-000000003702}6241476C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.730{BD6F876E-5D61-620B-0B00-000000003702}6241476C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.730{BD6F876E-5D61-620B-0B00-000000003702}6241476C:\Windows\system32\lsass.exe{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\system32\DFSRs.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.714{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.477{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\31869MD5=BE9C56E5AF163F0DBD374A8396F67521,SHA256=3E92DDA3745C9B5243F2C0FE6B6A8CC7713DBA41CA9391747F067933B7A7179D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:06.434{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55017- 354300x8000000000000000181546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:06.432{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55218- 354300x8000000000000000181545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:06.416{BD6F876E-5D62-620B-0D00-000000003702}904C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local51410-truefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local135epmap 354300x8000000000000000181544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:06.416{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local51410-truefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local135epmap 354300x8000000000000000181543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:05.465{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51409-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:09.945{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8A22F35F5C97FD45E63C0F29E187A79,SHA256=C348CACFA0E87319B176C25AD48F5C88ACB1060AECC6C1DF65ACCD0034D660D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:09.792{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:09.730{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.260{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51411-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000181559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:07.260{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51411-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local389ldap 23542300x8000000000000000181568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:10.959{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7566FA563378D12339AAD2B75D2457B5,SHA256=E0623BBD04EC54222D05EAE823FE41754DC5F7D5E30D14344BA556B13E93A0D2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:10.813{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:10.744{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.107{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51412-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000181564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:08.107{BD6F876E-5D70-620B-2600-000000003702}2828C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51412-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local389ldap 23542300x8000000000000000181571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:11.974{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D23B842A3F36BD36CB10A6152B621CD,SHA256=928E456096EF799E93C7AA647EF8794C98C05CD37C96F33AE6EF01D823BE4833,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:11.827{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:11.759{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.995{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA03EC6D6C2B93055F508A2C027CA9E4,SHA256=68B198A05408B8F188EB27843281E5DB790E320AB6A1F3E2AAC4F0DE54F54A7A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.842{BD6F876E-94DC-620B-E00F-000000003702}88807696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.842{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.773{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.642{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94DC-620B-E00F-000000003702}8880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.642{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.642{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.642{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.642{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.642{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-94DC-620B-E00F-000000003702}8880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.642{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94DC-620B-E00F-000000003702}8880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.643{BD6F876E-94DC-620B-E00F-000000003702}8880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.611{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.327{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181606Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.857{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181605Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.826{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94DD-620B-E20F-000000003702}9188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181604Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.826{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181603Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.826{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181602Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.826{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181601Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.826{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181600Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.826{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-94DD-620B-E20F-000000003702}9188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181599Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.826{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94DD-620B-E20F-000000003702}9188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.827{BD6F876E-94DD-620B-E20F-000000003702}9188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.788{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.657{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7A15724709FB42FA3E8D657E908096D0,SHA256=B818D42074547B4A09FBFB5B567E10305FC1E55F72592B0B58F2C624F19EA640,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.610{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\403MD5=BA3F16C0915AF85E42017DD55BEFA940,SHA256=C02F20B1E92F33E2B7439D5B21A01A977A1C7F5D8AB8F7A9DED507C48F0B46EE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.441{BD6F876E-94DD-620B-E10F-000000003702}81563484C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.210{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94DD-620B-E10F-000000003702}8156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.210{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.210{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.210{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.210{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.210{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-94DD-620B-E10F-000000003702}8156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.210{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94DD-620B-E10F-000000003702}8156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:13.212{BD6F876E-94DD-620B-E10F-000000003702}8156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181612Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:14.861{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181611Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:14.846{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=194B0AA57367C32B6B5D9A6AE79F1F8E,SHA256=D0DCB7B79B56133E81FED37314C4FAF48AFD7A3D9F089B83C7D7BD3948A8FC4B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181610Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:14.793{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181609Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:11.477{BD6F876E-5D62-620B-0F00-000000003702}356C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse173.219.103.10173-219-103-10.rmntcmtk02.com.sta.suddenlink.net35716-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local3389ms-wbt-server 354300x8000000000000000181608Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:11.467{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51413-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181607Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:14.030{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8468DB2454E4B45E1B45493C23BEA3C2,SHA256=80BB7718B4820F86C91E49C402071FC1D2A6A7A57168B1A2ADC028ED6DCD0FD4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181618Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:15.862{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181617Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:15.793{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181616Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.998{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local63133- 354300x8000000000000000181615Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.998{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local56908- 354300x8000000000000000181614Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:12.989{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local64655- 23542300x8000000000000000181613Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:15.030{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0EC652D819C4D40D71CC137FF88D34E,SHA256=16425BEC9AD9B0E6B17BA9B9AB743BEDD597FBC2BAC49AB319C63357C03962DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181621Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:16.876{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181620Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:16.814{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181619Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:16.030{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84B858A393B9C40981C5F3A1BD7F848C,SHA256=B563E2A3972E0B4E4FF118863FB20AAAFB77FF45DECEF1BF1230559FA02532CC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181626Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:17.892{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181625Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:17.829{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181624Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:17.614{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181623Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:17.330{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181622Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:17.045{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36167BB11178202AA988E84E8DE24C01,SHA256=A9D4160B5E82991669AE1CF42930BE58DC0B9E449C0DE9A9971332D3B8D29FD3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181629Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:18.913{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181628Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:18.844{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181627Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:18.061{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A1EB93F26782873029CE3C6717E336B,SHA256=D8377D22CFF6595ABB491A91D725951E3D68A0B22B2222942DAB5B702598993B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181633Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:19.915{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181632Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:19.846{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181631Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:16.592{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51414-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181630Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:19.075{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71BDE18DB1D04767ECBB060626F19C78,SHA256=7BB24B20D01F6BA7A5DB5EF6D9E7CB0A6122E02A354E0B950B23762220250900,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181636Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:20.929{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181635Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:20.860{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181634Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:20.077{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0774E347E9E69F3A772E467B797046B5,SHA256=2C61F4A16167EA753D04A60FAAD22B667DE751064F9F0C6E8D7BC293C254852E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181639Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:21.944{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181638Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:21.875{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181637Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:21.113{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E606B84695DA1F88D038B552878367AE,SHA256=2F0BF7D2935CC337B57303B25B540737048120CC03B067057296029B4AC0C01B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181644Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:22.944{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181643Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:22.875{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181642Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:22.629{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181641Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:22.345{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181640Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:22.143{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22575F2B49D3B1D0CB83896EE33782E,SHA256=FCADD10F1BE0CFA86334EA6991242B37A28AC4E547FACC79BE80E617A5CA1758,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181647Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:23.944{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181646Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:23.890{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181645Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:23.144{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCE41F6B3057F6733BAF05DC4DAF70E7,SHA256=6FAC4BDECBDBDF14866773E43649FBDA238E1B8CFDBB06E3F0513988A583EC13,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181651Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:24.944{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181650Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:24.891{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181649Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:22.468{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51415-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181648Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:24.144{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF8A8F749E2489CFAC0CA8BDD2A31EB5,SHA256=CCCFFBD6AEAC13C7955FF894295DE3287DFD0E3C2874116F6A6310750347D8F4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181654Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:25.945{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181653Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:25.893{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181652Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:25.159{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77EF815A5D4F36F36BA0E641E68C68CA,SHA256=C7D5C57782715565F41BB39F6C39AD8F7A213D77DD44FC906DEC39C1D1580F5D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181657Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:26.960{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181656Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:26.914{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181655Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:26.177{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63BB0246ED258E458E08CBAE9A3CCB64,SHA256=F2AE9BF807CFE738F8224B064F1D0510AE0EC0CF5680F73A4E5B4354168C3BDB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181662Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:27.975{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181661Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:27.928{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181660Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:27.644{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181659Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:27.360{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181658Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:27.213{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E9C437EEAF4E24E09E2C2167C590C26,SHA256=8E6E3CDD63623C30B1A784B28969A0AFB5CD798A0612D1F65FBD5443DDBA0D1D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181666Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:28.989{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181665Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:28.942{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181664Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:28.727{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\30871MD5=15DDE53B73AD3EA97F53D4AAF28850CE,SHA256=8DCCB6AD3D5F0399A57220E9383B0491922CEC8A635241AC57E567E715A650DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181663Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:28.227{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02857A5F4A5773DF0961A4C6A07E2072,SHA256=6DBBD728F8EB26D3B9CF8B45D628D4F32A2906453D012EF302ABA3291AEF6FC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181669Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:29.957{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181668Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:27.536{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51416-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181667Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:29.242{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA787A5951C9ABD52A089B3FCABD70E6,SHA256=4FC03EFB86F818A080F11964ECC01930D214B40DD9AD217EB091F1BA1CA882BB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181672Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:30.971{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181671Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:30.257{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ED95D2B12BA6184315B0306D6B78AB2,SHA256=A315BE1429DFBB98A8AC147FA6757EAC4540477ADE55DCDE61EFC71DCB034B9A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181670Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:30.010{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181675Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:31.987{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181674Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:31.271{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3734E1EACD33F4B3F479DC589F0E4CA,SHA256=A42B74EA18F8092677F25E9950383121D71DA1B839D54FBD584BDA6DC409350D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181673Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:31.010{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181679Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:32.655{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181678Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:32.371{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181677Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:32.291{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5936F8E6E5BDC625D22A4079C5E997EF,SHA256=C966A0619DFA4A636D6EBB6E162946561AFB483B38201E7766D8152CBDC45739,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181676Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:32.024{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181684Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.806{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\22825MD5=3A4D616D4A66085BD61FDD4B70E723BB,SHA256=45AF1601C46835ABDED1E48DD12F2A8031198315F44A2A6A4DC1CA4F5C988616,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181683Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.307{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63A662151F151AAB230909885870943B,SHA256=5F39ECDF94D6785A31105C9E46FB83ABECE650DE889DAC11183AA7CA9BDF2E19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181682Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.270{BD6F876E-5D62-620B-1000-000000003702}400NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=3107B2574C8919F0AA4544C84BA92910,SHA256=5CB4D790A2F36F21DB6A025FE25D1CDAF9206BB9927C5EFF6A9EB5D54948A57E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181681Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.039{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181680Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.007{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181687Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:34.337{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA36CE595AE74C216DFC12FF8E64013C,SHA256=9316F6FC02527526D7BC2AF5F87538978BC5B0B2B77064BAE23776D0FA67BC88,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181686Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:34.039{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181685Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:34.022{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181693Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.217{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51970- 354300x8000000000000000181692Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.188{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53705- 354300x8000000000000000181691Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.185{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local57690- 23542300x8000000000000000181690Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:35.368{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E199F1A58687EC579F97F85FCAB5E40,SHA256=9A591D6505A595A0F4FB6A0EDA173B8F36974DD2A4457BF69D5F58208E77F03A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181689Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:35.052{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181688Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:35.036{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181697Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:33.531{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51417-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181696Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:36.386{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45C5588D8357994E9C90A8B5B8D19C4E,SHA256=7C1AE8A2331595FA843DAB7B77370084C693C7684E56DB4519D597EE4621F23E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181695Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:36.067{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181694Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:36.052{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181702Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:37.666{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181701Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:37.404{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84085F46A12291CBD83AAFC56F127510,SHA256=AB2ADA216F2A10DB0368E5643829FA29254E36573063E6E89AD045C309AB03D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181700Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:37.382{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181699Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:37.083{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181698Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:37.067{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181705Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:38.465{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0099C0ABBB8A9CA5080C0B5F7BAB62FB,SHA256=B116B2FAB7BD8E8D723F27AB4CD4013290508970D175132C45991C2F230DEF69,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181704Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:38.103{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181703Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:38.082{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181709Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:39.502{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E66B3BFC08B4836FC8FCD49FD9CB5C3B,SHA256=4337B83BA18CA3F7F02E024E466A54B70ECCD9F5E1BF497968C6DDA366121355,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181708Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:39.118{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181707Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:39.083{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181706Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:39.006{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\respondent-20220215075946-230MD5=7025492FB1EC8C8269D41863CFF34962,SHA256=B1F3EABB43E02B60652A4A1B84340FC0A4954EF456DB30059A9A5966425DEB16,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181714Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:38.611{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51418-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000181713Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:40.535{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B22A023511865AC89C9DA3A71B0DAB1F,SHA256=EB087AB47E844AFCB5DB756B31D1805D8429E5D1142B3658102B26ECB4940C19,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181712Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:40.132{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181711Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:40.101{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181710Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:40.018{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\surveyor-20220215075944-231MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181717Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:41.564{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0572800BEA159864FA4A572577878790,SHA256=919461748A3364F3C7995DD994C75A674D066405FD1F7C4A14943C707A7C05EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181716Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:41.147{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181715Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:41.116{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181722Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:42.679{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181721Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:42.583{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C065A9C8BE861FF8D901CFF72D7685D5,SHA256=1C67D016D2D2B33CDFD84838AC7FE9B923BDF10606E4D9B7F593EA5F366FDC2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181720Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:42.400{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181719Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:42.148{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181718Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:42.116{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181725Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:43.600{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=035402120A1AA1186E8A1457BAADB6B2,SHA256=65C13FA8566966867355328F97A17EF03C41ED805D3C1568F4BAE927EE49E016,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181724Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:43.163{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181723Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:43.131{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181728Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:44.614{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8E4BF590D94965ECAFDB83937AC5167,SHA256=FD69AC68663D540174E560597A04020A2A6CF58CA6A3BE6D08929A938D07059D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181727Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:44.178{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181726Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:44.146{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181731Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:45.644{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0816514CDE410647F5DC8892B132F4D7,SHA256=BCBB2EFE3D2B95BB3B78DC15658626D90DB731CFA479EB7FB4CEC7E0A4A0F951,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181730Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:45.198{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181729Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:45.161{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181734Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:46.645{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13A6A011E98BD7611EE9A48D2C8DE36E,SHA256=CC035DF71CD527ACF3B92F89994241D0FA9EC21ABE91E4FAA7348F6AEDD5B8C8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181733Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:46.198{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181732Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:46.161{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181741Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:47.698{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181740Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:47.645{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7313D5D510BD5A36FA0B1887781281F,SHA256=6406828C861A3AD87D154F4189C41EE5E3719D4697DDFCFD151D90ACCD8926FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181739Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:47.483{BD6F876E-5D70-620B-2B00-000000003702}2972NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=5EFB71941B65BFE05A751CD111932B40,SHA256=6E184D6D7F6FC2ADF175024AF93B2E137C05DBDE01B1E30F412273C3585EB82F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181738Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:47.414{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181737Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:47.199{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181736Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:44.454{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51419-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181735Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:47.161{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181748Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:48.980{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D62-620B-1500-000000003702}1248C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181747Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:48.980{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D62-620B-1500-000000003702}1248C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181746Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:48.979{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D62-620B-1500-000000003702}1248C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181745Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:48.960{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\13545MD5=691D62FCFD9D57E9CD5587766E8D39BE,SHA256=8F8C6A59EDA204167BB18E40ADD089F5970B07DBEF4222ACCF4FF68209738A4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181744Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:48.660{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49ABE64B53254E8875A821944D521247,SHA256=59ED8E8F93046B8AB750243D24A13FC193E75847E1481911B86F39874AF4F971,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181743Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:48.213{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181742Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:48.176{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181752Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:49.679{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1AE4ED84BA1491DE6E55FC42DEA0173,SHA256=1D35DAC876488A42A34562DD8440EB80D782E00F47718BFD3513908CE81493EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181751Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:46.838{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51420-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x8000000000000000181750Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:49.228{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181749Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:49.197{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181755Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:50.696{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99032BF1062D0793ED7C2827E3BC12D8,SHA256=A6DD193E6DA4F324EFD2E6F4893A0056FE98D52C83987C67821B459762D7FB25,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181754Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:50.243{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181753Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:50.212{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181758Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:51.701{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A98A86E0615E99ECCA86B466DD8CAB9F,SHA256=CFFED91F605971F7D2B3D191AE2F78D5C826FF635F71DA31281BC50F0E1EE85E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181757Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:51.258{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181756Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:51.227{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181764Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:52.731{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2004DD9B894EFC40833B3B72DA84A6E5,SHA256=5546C3A14E7B36AE257619BB89BB6AAB14B3E9C51E3C428469ADE6F70F03EC79,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181763Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:52.700{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181762Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:52.416{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181761Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:49.573{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51421-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181760Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:52.262{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181759Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:52.231{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181767Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:53.746{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD85A959CE14A4802CF61ABEAB52FC5A,SHA256=49B4F04B41B7B36CBB74B22282919AE65A84B6567FA0DF05D7BA27C85260DC7C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181766Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:53.278{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181765Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:53.246{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181771Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:54.761{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A92AAAE35CF0BE88F97073F2C5B150BF,SHA256=8D9B8E1B4564E9E15F86AE6C02E99810A4CD96C1198BB64808F7C0DF437B9ACB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181770Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:54.299{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181769Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:54.261{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181768Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:54.062{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\11806MD5=E8F1C7A94A78BBDA341AFBFA09EB6DE2,SHA256=2CF632AD95DAF4C0ECFF9DCE2E5B779FB633AF5A8BE355FA0E148AE6CDB67BC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181794Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.782{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AB0444B0077320B13F569F358EFC289,SHA256=336DCA6BDA434F5B673A627A33F7F27E692C7A2155885952E8A36883DA7E1D3D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181793Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.682{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9507-620B-E40F-000000003702}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181792Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.681{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181791Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.681{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181790Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.680{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181789Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.680{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181788Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.680{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-9507-620B-E40F-000000003702}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181787Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.680{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9507-620B-E40F-000000003702}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181786Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.677{BD6F876E-9507-620B-E40F-000000003702}2376C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000181785Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:53.443{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50650- 354300x8000000000000000181784Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:53.440{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local64846- 354300x8000000000000000181783Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:53.440{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local49351- 10341000x8000000000000000181782Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.314{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181781Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.277{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181780Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.214{BD6F876E-9507-620B-E30F-000000003702}76125824C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181779Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.014{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9507-620B-E30F-000000003702}7612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181778Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.014{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181777Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.014{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181776Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.014{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181775Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.014{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181774Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.014{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-9507-620B-E30F-000000003702}7612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181773Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.014{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9507-620B-E30F-000000003702}7612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181772Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:55.015{BD6F876E-9507-620B-E30F-000000003702}7612C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181807Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.797{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B54453E4017294910C5771C3637BC002,SHA256=0957526F59471E8201508767FADC42B259B6469F653701D0E2421F0DCE37134A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181806Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.345{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9508-620B-E50F-000000003702}7448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181805Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.345{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181804Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.345{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181803Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.345{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181802Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.345{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181801Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.345{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-9508-620B-E50F-000000003702}7448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181800Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.345{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9508-620B-E50F-000000003702}7448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181799Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.346{BD6F876E-9508-620B-E50F-000000003702}7448C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181798Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.329{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181797Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.298{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181796Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.029{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E614CED76F8232E8B2AAF6C4D04FDEF3,SHA256=A9974177389547FBB54B0C0BC5041B68742EC134C0F642F135114F9E6B5B74AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181795Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:56.029{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BA1B5D7600EAF6E61B2A1692F4D33B49,SHA256=8B87D10B269409A0CEB51D925E9AEFB200CB694C17983D9E888CF881B4ECD5A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181823Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.812{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6ED278B26302C2885B7F6B80548BCFCB,SHA256=DB9D7C71535EAA890F63BEC3A9DF6817CBD7281389CC462693492ECD30F41971,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181822Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.712{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181821Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.428{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181820Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.360{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E614CED76F8232E8B2AAF6C4D04FDEF3,SHA256=A9974177389547FBB54B0C0BC5041B68742EC134C0F642F135114F9E6B5B74AD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181819Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.345{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181818Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.299{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181817Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:54.622{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51422-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181816Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.244{BD6F876E-9509-620B-E60F-000000003702}70087908C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181815Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.013{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9509-620B-E60F-000000003702}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181814Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.013{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181813Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.013{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181812Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.013{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181811Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.013{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181810Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.013{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-9509-620B-E60F-000000003702}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181809Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.013{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9509-620B-E60F-000000003702}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181808Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:57.014{BD6F876E-9509-620B-E60F-000000003702}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181826Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:58.826{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADD37DA9A7F8B1B8294BF8E8F9BFAE40,SHA256=0E36AAC9B513E832D7439AB3EA3CA9341355FA98B7E9634C7A244E67E8330747,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181825Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:58.358{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181824Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:58.311{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181829Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:59.841{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05B38D4B8C74C2C2486ED87D65EF51D4,SHA256=4B3F31838D8B1B5CC165F08B86B09CF05484E1FB24FB004FF1F77E08D137C28B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181828Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:59.373{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181827Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:59.326{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181832Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:00.856{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A88506FBA1A7866A7A0B7C67DC8AEE6E,SHA256=7C116ED86E97593559CE2DFD628658016E5C52CFCE5112E20B5DD38B54FA1F6D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181831Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:00.373{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181830Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:00.341{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181836Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:01.893{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64A5D20E14D5F163C00A2D4132178A75,SHA256=8A0EEDABDBCB04386CF78B85C5191FBAD75D433F556A81D1E5175F96AAC4174B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181835Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:01.425{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F245737910B1689263E51D9B2C812A52,SHA256=BC5534B78CD955FF7437723428C495B33C8D6A952F2A6951BF7731B28B08E32D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181834Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:01.394{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181833Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:01.356{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181843Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:02.909{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05BB23D99E416F99B194C3F97D9E0A37,SHA256=FCB54F0753CD48C0A6F8F4C565ACF981742A16253A55B4C55B5C5AA17BBD25D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181842Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:02.724{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181841Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:02.440{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181840Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:59.786{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51423-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000181839Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:56:59.786{BD6F876E-5D70-620B-2300-000000003702}2764C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51423-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 10341000x8000000000000000181838Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:02.393{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181837Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:02.371{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181847Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:03.923{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E26762F3A32401CABB0DF6DBDD559C5C,SHA256=9CAD776632E6A5FFB41C875A967770B1330D0EB0AD6BD44B2B29975E17C03A2A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181846Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:00.548{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51424-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181845Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:03.408{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181844Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:03.392{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181850Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:04.923{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC4B0B30D76B34DBD41A1D4763EDE1D9,SHA256=101FDC5CD54A5CFAA4AA5CED5AD6C63441F629FC5A81CF24FA2A46E96BB35666,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181849Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:04.423{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181848Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:04.407{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181855Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:05.954{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F30999145F2C58E925C8D0FADD901AB,SHA256=51624F35375E64FF42B6C8F153AC5DC8D9645838A787C1447FC7875E29C4856A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181854Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:03.602{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local62845- 354300x8000000000000000181853Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:03.570{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55633- 10341000x8000000000000000181852Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:05.423{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181851Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:05.408{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181858Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:06.990{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=258C4F82B900C22A2C58C8672FA93809,SHA256=5173C951E1F36FB00127A4AEA4D5FBB212E15390B60B8E8051A735104AA121C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181857Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:06.438{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181856Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:06.422{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181863Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:07.992{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=797B2802C7C652626E7C1F34752E1DDF,SHA256=F43D19F5EACEA9BE9997AFCD07985930CF2EB094D727A979486A83BFF6973838,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181862Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:07.738{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181861Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:07.453{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181860Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:07.453{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181859Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:07.437{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000181866Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:06.549{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51425-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181865Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:08.454{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181864Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:08.438{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:09.468{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:09.453{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:09.206{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\32140MD5=501D461166A4B595350F8DA284310E5F,SHA256=9BA223058EEF20FACC70A10BA907D0890AE510847C60258BE10EAD9F0C9A8787,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:09.022{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D4B180CAB49BD0858D0830EA2898A55,SHA256=0E681A28507ECB178D2385F2452D4AA1597AB3E3A944C91F3DFFB6BD543D9997,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:08.404{BD6F876E-5D62-620B-0F00-000000003702}356C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse58.69.124.14358.69.124.143.pldt.net53405-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local3389ms-wbt-server 10341000x8000000000000000181873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:10.468{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181872Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:10.467{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:10.036{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=117EEA0A4FD36B9809D0BA78A66866AD,SHA256=81368C8B8EAD078EE22B7B98B6175B42665BBD922806A510BF67EB59FECB696A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:11.488{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:11.468{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:11.104{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5D866C45644457639BBA20306CB30BD8,SHA256=0282B1795E2FD8CF6720554C0E572F999382FBAD2A18FA072A975D4072BB8063,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:11.104{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7E5486924C7DEC3D3687B5AB31AF3139,SHA256=B17A6D1D3E87D2CDAEB11A1BA5656A94B1C3F0818E8E7C8A85086DDC82211CCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:11.051{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C8AB6A262026A1B25A871239FA6F473,SHA256=2AEDE28315023FD6BA2A85507F36F42C31DBB8593375BE02E8E605CA76BC1B90,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.749{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.634{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9518-620B-E70F-000000003702}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.634{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.634{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.634{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.634{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.634{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-9518-620B-E70F-000000003702}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.634{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9518-620B-E70F-000000003702}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.635{BD6F876E-9518-620B-E70F-000000003702}5056C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000181883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.503{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.487{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.465{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.072{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=208D8EE308DBE0A10C22AA003921E295,SHA256=E20795311E2D6AC8A82ABBBF631FA533095AAE026A0113C58B9F9F837A2B5BE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.649{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5D866C45644457639BBA20306CB30BD8,SHA256=0282B1795E2FD8CF6720554C0E572F999382FBAD2A18FA072A975D4072BB8063,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.517{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.502{BD6F876E-9519-620B-E80F-000000003702}84605080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.502{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.317{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9519-620B-E80F-000000003702}8460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.317{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.317{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.317{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.317{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.317{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9519-620B-E80F-000000003702}8460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.317{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9519-620B-E80F-000000003702}8460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.319{BD6F876E-9519-620B-E80F-000000003702}8460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000181893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.086{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85042742B020ADE62F715122047493FF,SHA256=AF2DF6476258F8C96FFF09C176379EA84FB34010D328E59D6EB2C1B94C28AB71,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:12.427{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51426-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.518{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.503{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.318{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\786MD5=D3C0FA867E664BDC5CE88213FE6F936B,SHA256=9B86889F2DF81674A0D255D0FD16A9C980D330525DD07E63F182CD9BF992182D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.249{BD6F876E-951A-620B-E90F-000000003702}29968372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.087{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3BC5DBF936510D67A870340C4D4BF74,SHA256=AA6532F525D6CE4D0E6E1FC6A4A050003671D8AF06A0B58E6397424D71FB1AFF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.003{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-951A-620B-E90F-000000003702}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.003{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.003{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.003{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.003{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.003{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-951A-620B-E90F-000000003702}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000181907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.003{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-951A-620B-E90F-000000003702}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000181906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:14.004{BD6F876E-951A-620B-E90F-000000003702}2996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000181929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.712{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local62838- 354300x8000000000000000181928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.712{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50476- 354300x8000000000000000181927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.682{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local57028- 354300x8000000000000000181926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.681{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55287- 354300x8000000000000000181925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:13.680{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local52399- 10341000x8000000000000000181924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:15.519{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:15.519{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:15.133{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\datareporting\glean\db\data.safe.binMD5=1121BFDF531941199FC42055BDCCCC21,SHA256=6D67BA626B5D736884CE7F01373389B71B6DA4E6D996C029E425785D7B2E1DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:15.102{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21F807DE39F07C7B61B9AB381B511EAC,SHA256=1EC02D970017D578BB2ACEF5A8BBFA71C9450FDBFACBFF86AAFC43EDB251A59B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:15.018{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=589B4189FF32A9418F6E2B9E8543B00F,SHA256=6BA0D0F9302C2DE1BC9C6401085FF52873BCCD43C1E00C66F50A25FD97698EF5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:16.533{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:16.533{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:16.118{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3D219A224122F7E673BDDCBD73F7D5D,SHA256=7295CAC80844F662DB78ADCD2F91877C54B62AA5B8C9FD97088DB6C14D2F105E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:17.749{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:17.534{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:17.534{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:17.465{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:17.133{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD9B1533626FA960A66DFBFE3173D032,SHA256=BE2D86FAB6293A7B5A41A65CDDE558E50E2731CD4CB645215875CC0737455560,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:18.549{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:18.549{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:18.149{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC4925C1DD8ADCAA383D34D3436A0CD8,SHA256=59515B0EBEC6A54606D152FE8D83C5EB075BAA9D92C99BC7E8F5A6A0DCA2FC87,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:17.479{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51427-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:19.563{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:19.563{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:19.166{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A32A5720F8FDCBF7D5738D085CD92B7,SHA256=99DD5EE3A2531C7E8CAC2CE659EB21215EA4CEE99169C4B8F602AE41A9ADC129,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:20.584{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:20.563{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:20.185{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=324D18B1D702F4C790C603BF3B2528D2,SHA256=7E44236FCF253237A32D458362480C666023A11AF37FA601A3E11021E743FD9D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:21.599{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:21.563{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:21.199{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=608D663CB0B62984E6EBD5B20BA6E1F8,SHA256=B2E6854CF80093B3EBC3CFAE3D9C33CB1502C1B9CB410E0D85711B4E549D6BC0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:22.761{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:22.614{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:22.583{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:22.483{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:22.214{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D454386AC9742073507690701AFA79F1,SHA256=891ADE8CF07DC391565D84F6B5257BFDA72255A57713094A2B01AF9CADE8C399,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:23.617{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:23.586{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:23.229{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A06413D08C16FC7066B238D2F052427,SHA256=A5A9A2B42C51E9334356F26CC62A36F0EE32FFD78942CB3DCDBB44D9391C0EAC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:24.632{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:24.601{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:24.248{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58B05269FF683752562739334B5D7CC3,SHA256=C43AC5D09D4E6AFBD73FECF40ECEE494D6C39556DA16025639608ABBE45A6402,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:23.767{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local56584- 354300x8000000000000000181966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:23.764{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local64551- 354300x8000000000000000181965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:23.444{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51428-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:25.635{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:25.604{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:25.266{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3FBA6DB59C4DD20628A5D8EA8BE320B,SHA256=06AB3AB3A8D9004F639225D4EC1C16DA82B0AA5047ADE9C421BE2274508EAABA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:26.636{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:26.605{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:26.271{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=618084D6E21A6207BC91E6EE323160BB,SHA256=F60B41B6CE1B799ADD0E0A5CFBD6202E0DB4027B657098E76CC4F268AAD9879C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:27.767{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:27.651{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:27.604{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:27.489{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:27.289{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F40E80C1AE109805ADE53F5B25163CD,SHA256=55657999C17FE0745FF2EE1CD7C3DB62D7A4E22ED7EFE61DB06C362937EA9ECF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:28.651{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:28.605{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:28.289{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8D370B2C7836E9FC681D974E5782DE0,SHA256=413C6ED2BCD8AD34FA8611E7DED06F7BCB8D5D26520FD9042BDDA104F98AA339,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:29.666{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:29.619{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:29.388{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\15263MD5=00FFA52B3B73D3164705DC1409EB9389,SHA256=7CEAF3869676FBAC2B02820962A0D7493F8C63D7A37861519A67ADD917A119D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:29.304{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C78E5E742390C59C1EAA63B570D0C193,SHA256=F3C292D520A58C70CD8646DF68105E01F75A301961AD09DD75473B9948B075EF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000181987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:28.528{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51429-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000181986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:30.687{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:30.634{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:30.318{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26A0DA49147CC401E8E74E295C1F4D6F,SHA256=2B758F6F322F21573642A08D149102AD18ACFFA04B180C1BC4A1D12748D292AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:30.187{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\datareporting\glean\db\data.safe.binMD5=4C9DAED209941F9922F01D79431FCF4A,SHA256=49E5315FDCEB1301397802E68569A46BB294ADF46E75D39FF09F1BF599FC4DE1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:31.687{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:31.650{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:31.319{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABE4A5985F6E4614D3E093CFDEBD4E70,SHA256=448D490C1F391538CB814D80B35F53E5FD0481C26A80C012615041CE50602B14,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:32.769{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:32.688{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:32.650{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:32.503{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:32.350{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BF7CD9B23F7E1E032AB6406139740F6,SHA256=ECCB9FC59D691EBBB8667ACCAA2CCA8DDB3DAFD9328E17DA424D5A35B46C833B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000181999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:33.702{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000181998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:33.665{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000181997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:33.369{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A90B350F6A633A9C66BB9AACB2FC76E5,SHA256=5408C1A8F38DA25FEC3FC694514F847AAC5747B2DA3BF663F616E8213F8985B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000181996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:33.287{BD6F876E-5D62-620B-1000-000000003702}400NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=9AEF40A4CC65B7DAC5293FD8E1B7EAA2,SHA256=EBF3E5F0E996D371E0E70C247A3C3D850EFC42F0E945FD3F89221B35232BA5B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:34.716{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:34.685{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:34.532{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\16453MD5=3B6553ACFF0991AD69D10C757418A37B,SHA256=2DC4A0B062FBAF28F95FA1CBD43426617752ED9408BD896135FDBA71341BB34F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:34.385{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E42C9E0385CBA6366E663BD46074CECB,SHA256=7DE30C15B35A1F5892BDE5430189651112792E1202336C07BF966A6F41A69663,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:35.731{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:35.699{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:35.415{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBD79E75CDA627B7C2C4242D8ADAD5EE,SHA256=ED641633B600FB1A1B527DB81F0EECC2ED2B2F5F7850AEA9357BD54361D1E615,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:36.745{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182009Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:36.714{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:36.430{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFBABCAC7183E42C79D27FA4803931B3,SHA256=D0655587C98BEBD91D793CC22F4C8A75EBC2DDD3083ACBDAE03B08D547D8F109,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:33.895{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54018- 10341000x8000000000000000182016Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:37.781{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182015Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:37.760{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182014Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:37.728{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182013Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:37.513{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182012Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:37.444{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F74B84C9C06F28D1F811B87C11277E60,SHA256=58B1CAF6E50C6CB6F1AD42C983918041202299A03081CE226F03CD6520D89801,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:34.440{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51430-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182019Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:38.780{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182018Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:38.743{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182017Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:38.481{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD2BEBE44FE37A550FC2C74BB907DD27,SHA256=9251E63A32A13A2455877FB04B05B7DE1B26AA3ECA1907AD70F3A004530748D7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182022Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:39.795{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182021Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:39.758{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182020Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:39.496{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4F41E2D6C199D5C161B7D5AA3939432,SHA256=5A04FB4016C2EC9A08BEB4C200F1E704F3552C8DA057510ADE4225154A45A945,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182027Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:40.811{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182026Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:40.758{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182025Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:40.545{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\respondent-20220215075946-231MD5=7025492FB1EC8C8269D41863CFF34962,SHA256=B1F3EABB43E02B60652A4A1B84340FC0A4954EF456DB30059A9A5966425DEB16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182024Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:40.527{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=405D986BD14789CCD0776A3894AA735D,SHA256=4FE57817473B30250E1FC125A70C44B5A0FA1FD5AE3409D03969C60EA26A7D61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182023Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:40.342{BD6F876E-7484-620B-4E03-000000003702}4596ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.datMD5=58FDE1A71D2ADB272DABB3A92B406559,SHA256=555933C7D5D49EBF3648EE1EF420E0C71835139B8A8DEF8FBA64C9EBE48B0C32,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182031Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:41.812{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182030Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:41.759{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182029Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:41.543{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\surveyor-20220215075944-232MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182028Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:41.527{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A31D297AB74B2E50448D54C9D414DA49,SHA256=D282256CB11F7EC55F5A2A5B2DB2906F99DB88964CBE9C22D75D8AF43BB78E0F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182036Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:42.813{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182035Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:42.781{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182034Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:42.760{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182033Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:42.545{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0674733418E16CA109976AA8F5CA6D50,SHA256=9EB7E7473C9B2F1544420BA64757E457E75F509120535E02F9F1C5E747BA13E0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182032Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:42.514{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182040Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:43.828{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182039Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:43.781{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182038Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:43.563{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E12DC72B917C29B09648CDE3C41F798,SHA256=355A67323BFCAC974F2C618FF780233C07F00E6EFAD61C5A33302A6DCAA7ED81,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182037Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:39.588{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51431-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182043Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:44.843{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182042Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:44.796{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182041Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:44.580{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=729AE4686DECAC945EAC8012AFB1260E,SHA256=183D2DA4044B6C9F8347474053B128A0AD61DB203F558761E2FEC11A94CA9BED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182050Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.858{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182049Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.796{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182048Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.712{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.712{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182046Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.712{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182045Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.712{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182044Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.596{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92A3E277A518492ABE6C7E183BE6CD33,SHA256=ACAC7B777AD2BA72A3D1778913EE8015F0110020825ABA7F4CD5B7D274B0FBAD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:46.862{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:46.799{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:46.599{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7260CFD587C6829D56911405D00F80E5,SHA256=0F29E9CF4334D39A137DBC0C097D854B714E92B2CEEAF223FB71EA9D232FD353,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:44.059{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local57124- 354300x8000000000000000182052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:44.022{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55312- 354300x8000000000000000182051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:44.020{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50815- 10341000x8000000000000000182062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:47.882{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:47.814{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:47.783{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:47.630{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21FE9CD1EFAC9B83B37164A310104050,SHA256=6BA04061199A0C58CED04362FC90A3B7D7C3A41BBF3955098664E45DB07D0897,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:47.514{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:47.499{BD6F876E-5D70-620B-2B00-000000003702}2972NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=5EFB71941B65BFE05A751CD111932B40,SHA256=6E184D6D7F6FC2ADF175024AF93B2E137C05DBDE01B1E30F412273C3585EB82F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182095Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.944{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98FF41BBBE830E9686EAC6FB6D0E11B3,SHA256=027B6CA6645256B7E43C972CE633237F4FDBB6758279BB292D6BB7685DBCAF8F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182094Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.897{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182093Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.829{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182092Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.667{BD6F876E-7483-620B-4703-000000003702}41164232C:\Windows\system32\taskhostw.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182091Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.593{BD6F876E-7484-620B-4E03-000000003702}45964852C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\NPSMDesktopProvider.dll+1be4a|C:\Windows\System32\NPSMDesktopProvider.dll+1226e|C:\Windows\System32\NPSMDesktopProvider.dll+12835|C:\Windows\System32\NPSMDesktopProvider.dll+67dc|C:\Windows\System32\TwinUI.dll+7c9e8|C:\Windows\System32\TwinUI.dll+75fcd|C:\Windows\System32\TwinUI.dll+75ba3|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182090Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.593{BD6F876E-7484-620B-4E03-000000003702}45967036C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+617df|C:\Windows\System32\SHELL32.dll+63325|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182089Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.593{BD6F876E-7484-620B-4E03-000000003702}45967036C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6323e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182088Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.593{BD6F876E-7484-620B-4E03-000000003702}45967036C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61a34|C:\Windows\System32\SHELL32.dll+63207|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182087Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.577{BD6F876E-7484-620B-4E03-000000003702}45967484C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+617df|C:\Windows\System32\SHELL32.dll+63325|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182086Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.577{BD6F876E-7484-620B-4E03-000000003702}45967484C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6323e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182085Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.577{BD6F876E-7484-620B-4E03-000000003702}45967484C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61a34|C:\Windows\System32\SHELL32.dll+63207|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182084Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.577{BD6F876E-7484-620B-4E03-000000003702}45967484C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182083Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.568{BD6F876E-7483-620B-4703-000000003702}41164232C:\Windows\system32\taskhostw.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182082Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.563{BD6F876E-7483-620B-4703-000000003702}41164232C:\Windows\system32\taskhostw.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cd4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.544{BD6F876E-7484-620B-4E03-000000003702}45964936C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+617df|C:\Windows\System32\SHELL32.dll+639b0|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182080Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.544{BD6F876E-7484-620B-4E03-000000003702}45964936C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47d70|C:\Windows\System32\SHELL32.dll+6396c|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182079Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.544{BD6F876E-7484-620B-4E03-000000003702}45964936C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61a34|C:\Windows\System32\SHELL32.dll+63940|C:\Windows\System32\TwinUI.dll+12d711|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182078Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.544{BD6F876E-7484-620B-4E03-000000003702}45964936C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d549|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 11241100x8000000000000000182077Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localEXE2022-02-15 11:57:48.529{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exeC:\a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92.exe2022-02-15 11:57:48.529 10341000x8000000000000000182076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.529{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.529{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.513{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.513{BD6F876E-5D61-620B-0B00-000000003702}6242432C:\Windows\system32\lsass.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.513{BD6F876E-5D62-620B-1600-000000003702}13002484C:\Windows\system32\svchost.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.513{BD6F876E-5D62-620B-1600-000000003702}13001344C:\Windows\system32\svchost.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6144|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.497{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.497{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.497{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.497{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.497{BD6F876E-7481-620B-3B03-000000003702}35724584C:\Windows\system32\csrss.exe{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.497{BD6F876E-7484-620B-4E03-000000003702}45962196C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\7-Zip\7-zip.dll+545c|C:\Program Files\7-Zip\7-zip.dll+67e5|C:\Program Files\7-Zip\7-zip.dll+6fbe|C:\Program Files\7-Zip\7-zip.dll+70d9|C:\Program Files\7-Zip\7-zip.dll+8e20|C:\Program Files\7-Zip\7-zip.dll+c301|C:\Windows\System32\SHELL32.dll+80407|C:\Windows\System32\SHELL32.dll+6731e|C:\Windows\System32\SHELL32.dll+17c35c|C:\Windows\System32\SHELL32.dll+19eb28|C:\Windows\System32\SHELL32.dll+2846f3|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17c600|C:\Windows\System32\SHELL32.dll+179a7e|C:\Windows\System32\SHELL32.dll+73861|C:\Windows\System32\SHELL32.dll+76746|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15 154100x8000000000000000182064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:48.507{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe21.077-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\" -an -ai#7zMap8574:160:7zEvent2827C:\Windows\system32\ATTACKRANGE\Administrator{BD6F876E-7482-620B-5244-1F0000000000}0x1f44522HighMD5=300B8E1F636DCDE7269EF18600493819,SHA256=3AEF7662DCDBBC952A3ECD3677DA943EF3D4AECB5BD624625B6B176B1B5CE617,IMPHASH=C60649CDE63EC51599F93CD2D0157322{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 354300x8000000000000000182063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:45.459{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51432-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182102Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:49.912{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182101Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:49.843{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182100Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:49.681{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B4E64E529BBDE091FAD1E5732FE7401,SHA256=2F9E5E4650E4EB626ED66F8833B92406EA738D3D2E6031474C1CC2CA0372BC99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182099Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:49.660{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\27103MD5=DF41565E90938A8A147D6B0D2FDD0E50,SHA256=A1269D14FA1E61743F5D633DA15760098828456B89648F23E91AF1F816FC90C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182098Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:49.512{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C82FE42932EAFD02F9FBB140C196B75A,SHA256=536547F9C3B06D0C446634D3A406F46B2AF89A7917B7ABF0B48D3EE0A3973E2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182097Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:49.512{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1FFC226C5C413AD8256215A41B77C11D,SHA256=7BC580841CD0A10888D9601FD5480F5A8274C34DF0DCE47066FC67E963D96E92,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182096Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:46.875{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51433-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x8000000000000000182105Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:50.926{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182104Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:50.858{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182103Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:50.711{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06D847EA54A2F2F24FFBFD3C9FC663D1,SHA256=9F9C01D2822D7143D38D874A43D99FC862E762D67E3C1F88AFCED84B5CA1C5E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182111Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:51.931{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182110Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:51.858{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182109Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:51.841{BD6F876E-7484-620B-4E03-000000003702}45967036C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+617df|C:\Windows\System32\SHELL32.dll+63325|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182108Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:51.841{BD6F876E-7484-620B-4E03-000000003702}45967036C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6323e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182107Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:51.841{BD6F876E-7484-620B-4E03-000000003702}45967036C:\Windows\Explorer.EXE{BD6F876E-953C-620B-EA0F-000000003702}3440C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61a34|C:\Windows\System32\SHELL32.dll+63207|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+15450f|C:\Windows\System32\windows.storage.dll+15328f|C:\Windows\System32\windows.storage.dll+15622f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39d09|C:\Windows\SYSTEM32\ntdll.dll+1e89a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182106Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:51.726{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40DD809A2ACB2257E6C36619225BFBD7,SHA256=B1A0E4BB1C0F2ED33B22F4352F1AA7C6B431ABA845A4ABF82B2A07C5A6139A45,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:52.941{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:52.879{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182114Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:52.794{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182113Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:52.726{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=573956B88F3BA3A0696F0DA3A1EC11AA,SHA256=6DC30E314C7E920A9FD69AD8E97CFC8838050D474C927703EB6C4F169DF113C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182112Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:52.526{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182120Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:53.942{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182119Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:53.879{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182118Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:53.726{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46AC673DA1B08A595951A82781B0BBD3,SHA256=BDBD00430DB3B880F964D4D0E6D76DD30811143A16FA7A7F4733D9041AF0234B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:50.603{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51434-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:54.957{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:54.879{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:54.763{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CFB2B55902E0E630209AB0C5F266327,SHA256=EFDFA2E6B7E1E26A8F5F597B068D2DBE6CB134BA83527EFD5C553CC06949410B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:54.725{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\29078MD5=24A4D0E22F7C429C80DF5FBD214A0174,SHA256=D3978D36F75CA11C243D1323883FEF0C3CBDE8FBBA903258B72C70163BFA881E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.958{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.879{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.779{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1289DFD2F31FFDC70A1BED60CDCD5084,SHA256=CD2FAA8F7D05FA2AE55D1797DDCF1CE77C3A3DBA91270C5876C6DCE5DA14E476,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.694{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9543-620B-EC0F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.694{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.694{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.694{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.694{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.694{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9543-620B-EC0F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.694{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9543-620B-EC0F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182133Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.695{BD6F876E-9543-620B-EC0F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000182132Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.042{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9543-620B-EB0F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.026{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.026{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.026{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.026{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.026{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-9543-620B-EB0F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.026{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9543-620B-EB0F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:55.027{BD6F876E-9543-620B-EB0F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000182160Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.979{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182159Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.879{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182158Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.794{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6473F37A0F132CDACAB8F94E3EB08C15,SHA256=3C2F3E9605C7E6ABFA588EFB078EB77FDD1211E02110CB232B72E03BDD63B0B1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182157Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.595{BD6F876E-9544-620B-ED0F-000000003702}3008792C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182156Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.399{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9544-620B-ED0F-000000003702}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182155Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.383{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182154Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.383{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182153Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.383{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182152Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.383{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.383{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9544-620B-ED0F-000000003702}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.383{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9544-620B-ED0F-000000003702}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.384{BD6F876E-9544-620B-ED0F-000000003702}300C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000182148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:54.141{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55507- 354300x8000000000000000182147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:54.112{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local63884- 354300x8000000000000000182146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:54.111{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local57742- 23542300x8000000000000000182145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.027{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0B062DD6E3D6E2BE05B64DAC7D1C16D0,SHA256=BF9BFA58AB6DAC2B3DD6F9DA0CD8479D7C256E5E971447D2FF73E3F77D2FC5E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.027{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C82FE42932EAFD02F9FBB140C196B75A,SHA256=536547F9C3B06D0C446634D3A406F46B2AF89A7917B7ABF0B48D3EE0A3973E2D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.994{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.894{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.810{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04616984EB6870B726E960B4671B1884,SHA256=2D4EDC6DB89B8043DABA019323A12BC6B455C7EF22A0DC49E0F3C22BC6FFB87A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.810{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.532{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.394{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0B062DD6E3D6E2BE05B64DAC7D1C16D0,SHA256=BF9BFA58AB6DAC2B3DD6F9DA0CD8479D7C256E5E971447D2FF73E3F77D2FC5E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.359{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=718CB983BA2B4F4A0E97D67EA6F6E093,SHA256=C7DEA6A7C3B4ED687DAD84B4DB54AB53725EFF54369748D495C73BDE7290DE5C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182190Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182189Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182188Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182187Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182186Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182185Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182184Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182183Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182182Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182181Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182180Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182179Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182178Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182177Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182176Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182175Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182174Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182173Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182172Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182171Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182170Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.278{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182169Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.225{BD6F876E-9545-620B-EE0F-000000003702}71088964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182168Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.063{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9545-620B-EE0F-000000003702}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182167Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.061{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182166Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.061{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182165Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.061{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182164Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.061{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-9545-620B-EE0F-000000003702}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182163Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.061{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182162Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.060{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9545-620B-EE0F-000000003702}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182161Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:57.058{BD6F876E-9545-620B-EE0F-000000003702}7108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000182215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:58.909{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:58.815{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78910BC32123FAFCFF82A096F0E89F56,SHA256=43C29CD5179EC8439CAABD009791F1667C8EE2576F51C6EC7089137A90F9C273,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:59.914{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:59.841{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F67C7E6EB17CC347811A2DE5824E3800,SHA256=B2C7F721B1939AD6FED737F42C8981B5596F5C62A6A57D597EC90F6280F55467,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:56.617{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51435-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:59.008{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:00.924{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:00.858{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=297E312AD999893B6D4081686A5FF3B1,SHA256=9A6C795B665EDD6254C1DC942AB900F98010B60F59BC1CA42222B4BE61E62F4C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:00.009{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:01.925{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:01.894{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46E856C62D3C76D7711BFD8A77DB0340,SHA256=9CE5931F84968D7EE45F76A9ADCC085269EBD55F3549709CE7373854DAEF4048,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:01.426{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9F62AF5477F2A9644E89DD745D128659,SHA256=A2B82C345E491F83641C17A5C8EFC9EBB0C4D1408EBF94FBBDC072BA8427EDAB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000182224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localEXE2022-02-15 11:58:01.126{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXEC:\Temp\a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92.exe2022-02-15 11:58:01.125 10341000x8000000000000000182223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:01.024{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:02.926{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:02.910{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8EAC186FF95F4C41A94C66E08454E2C,SHA256=F7279A9823586E1BAE9F759E56EFBD8CED4DA15DF7E9B14732F8CFCD0941A64A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:02.810{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:02.541{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:59.801{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51436-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000182229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:57:59.801{BD6F876E-5D70-620B-2300-000000003702}2764C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51436-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap 10341000x8000000000000000182228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:02.025{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:03.941{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:03.925{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=377EC61C8A64B782FC87AD622AB450FA,SHA256=D4FC5ABAAB83FF90DBCC7F18D4C89B4EEE59D7EDC89F39528AE96EF906AA1AC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:03.026{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:04.952{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:04.936{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D200B8D822CB9BA634F8CAB5B28522DA,SHA256=FF026AB9C00085DB84B846CC3969F7234A4728E8D902D59F7E9F028ABC44F7B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:02.486{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51437-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:04.041{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:05.952{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:05.952{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=472598FFC7A6FEBEF4BD233C2195B84B,SHA256=8ABAB0EC81862DD0EC0207133B6A346C1802A9E0CD50229E15E1C65A235A09A9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:05.056{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:06.977{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8C64F6574BD549CB2E9F495606D92ED,SHA256=71C2249BD9C5A56859040847E1FFD1818624BE0139370CAFAA4C9D0BAECE470C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:06.956{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:06.078{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182255Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:07.992{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39DBE5D18881193E874DB8565F05B078,SHA256=C313DC73499677FB68D124C8F71C090742AF745EC7CE79446678948B9581EAB8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182254Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:07.956{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182253Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:07.824{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182252Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:07.555{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182251Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:04.183{BD6F876E-5D62-620B-1300-000000003702}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse127.0.0.1-62747-false127.0.0.1-53domain 354300x8000000000000000182250Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:04.183{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-62747- 354300x8000000000000000182249Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:04.183{BD6F876E-5D62-620B-1300-000000003702}972C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue7f00:1:0:0:98d0:c481:87d5:ffff-62747-true7f00:1:0:0:0:0:0:0-53domain 10341000x8000000000000000182248Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:07.093{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182257Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:08.976{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182256Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:08.108{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182262Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:09.991{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182261Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:09.775{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\4592MD5=4413EF9B0390AD9167412B01FC45A4F3,SHA256=CFCC84F0F45650CB3BD8B6B9FB9F4D96A63EB20AA3B3C42AE9F31B76580C03E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182260Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:07.500{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51438-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182259Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:09.117{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182258Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:09.007{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80219A84C3117364E550A15F8331CF9D,SHA256=07B1B8082C4D03F5CC63256496EB1F02DB9179F45DDF560630E60BAC804505B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182264Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:10.122{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182263Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:10.022{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8933BBA90152F153726F4449D0F3E1B2,SHA256=92606D4EE64FF8DE9DFCD61B9AB1E2CA8432F551B9639751DC9CDCF03989E806,IMPHASH=00000000000000000000000000000000falsetrue 924900x8000000000000000182280Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.758{BD6F876E-9553-620B-EF0F-000000003702}9156C:\Temp\whispergate_mbr.exe\Device\Harddisk0\DR0 10341000x8000000000000000182279Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.720{BD6F876E-5D62-620B-1300-000000003702}9721804C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182278Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-5D62-620B-1200-000000003702}3967024C:\Windows\System32\svchost.exe{BD6F876E-9553-620B-EF0F-000000003702}9156C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000182277Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDBSetValue2022-02-15 11:58:11.689{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exeHKU\S-1-5-21-3597030025-2726966689-1449308675-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\whispergate_mbr.exeBinary Data 10341000x8000000000000000182276Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-5D62-620B-1200-000000003702}396224C:\Windows\System32\svchost.exe{BD6F876E-9553-620B-EF0F-000000003702}9156C:\Temp\whispergate_mbr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182275Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-5D62-620B-1200-000000003702}396224C:\Windows\System32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182274Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182273Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182272Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182271Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-7481-620B-3B03-000000003702}35722324C:\Windows\system32\csrss.exe{BD6F876E-9553-620B-EF0F-000000003702}9156C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182270Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.689{BD6F876E-7484-620B-4E03-000000003702}45964952C:\Windows\Explorer.EXE{BD6F876E-9553-620B-EF0F-000000003702}9156C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a90ff|C:\Windows\System32\windows.storage.dll+a8d75|C:\Windows\System32\windows.storage.dll+a8866|C:\Windows\System32\windows.storage.dll+a9cd8|C:\Windows\System32\windows.storage.dll+a868e|C:\Windows\System32\windows.storage.dll+ab4a5|C:\Windows\System32\windows.storage.dll+ab824|C:\Windows\System32\windows.storage.dll+aae60|C:\Windows\System32\windows.storage.dll+ad68a|C:\Windows\System32\windows.storage.dll+ad442|C:\Windows\System32\SHELL32.dll+3fa6d|C:\Windows\System32\SHELL32.dll+3e606|C:\Windows\System32\SHELL32.dll+80381|C:\Windows\System32\SHELL32.dll+6731e|C:\Windows\System32\SHELL32.dll+18cf1c|C:\Windows\System32\SHELL32.dll+18cc73|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.692{BD6F876E-9553-620B-EF0F-000000003702}9156C:\Temp\whispergate_mbr.exe-----"C:\Temp\whispergate_mbr.exe" C:\Temp\ATTACKRANGE\Administrator{BD6F876E-7482-620B-5244-1F0000000000}0x1f44522HighMD5=5D5C99A08A7D927346CA2DAFA7973FC1,SHA256=A196C6B8FFCB97FFB276D04F354696E2391311DB3841AE16C8C9F56F36A38E92,IMPHASH=3A2A2DE20DAA74D8F6921230416ED4E6{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000182267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.137{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.055{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2478D4C320A92FCF18123192860FE732,SHA256=1585786B9AA4A50764AD6A1FF00FF777E3DD056EBE9F5B816AA03AEE3CA93F39,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182265Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:11.006{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.837{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.690{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C5103018049D5CBB2D1EA47514F8064,SHA256=BED60E33BBB214BC6B09A41BA69AFF939B8BC57D5802987A422125F6B0D13BB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182293Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.690{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0E20E01B652801EE8BFCE4C054C4AD9A,SHA256=DA4F27530D18E9856C6053E3AD9C21E1AE022E1187B87F9F2AAC3EC6F1F8783A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.659{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9554-620B-F00F-000000003702}1920C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.657{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182290Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.657{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182289Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.656{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182288Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.656{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182287Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.656{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9554-620B-F00F-000000003702}1920C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182286Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.656{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9554-620B-F00F-000000003702}1920C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182285Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.654{BD6F876E-9554-620B-F00F-000000003702}1920C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000182284Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.574{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182283Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.151{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182282Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.073{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06EC6A335829C1A48449C929F355BB68,SHA256=6B76B12D9EC9171455F2AC54F8A44E7D8FB2DE91F2587ACFF69E79CCB54B3FD7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182281Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.020{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.858{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9555-620B-F30F-000000003702}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.857{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.856{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.856{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.856{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.856{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-9555-620B-F30F-000000003702}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.856{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9555-620B-F30F-000000003702}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.853{BD6F876E-9555-620B-F30F-000000003702}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 924900x8000000000000000182325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-9555-620B-F20F-000000003702}6780C:\Temp\whispergate_mbr.exe\Device\Harddisk0\DR0 10341000x8000000000000000182324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-5D62-620B-1200-000000003702}3967024C:\Windows\System32\svchost.exe{BD6F876E-9555-620B-F20F-000000003702}6780C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-5D62-620B-1200-000000003702}396224C:\Windows\System32\svchost.exe{BD6F876E-9555-620B-F20F-000000003702}6780C:\Temp\whispergate_mbr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.805{BD6F876E-5D62-620B-1200-000000003702}396224C:\Windows\System32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.789{BD6F876E-7481-620B-3B03-000000003702}3572652C:\Windows\system32\csrss.exe{BD6F876E-9555-620B-F20F-000000003702}6780C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.789{BD6F876E-7484-620B-4E03-000000003702}45961656C:\Windows\Explorer.EXE{BD6F876E-9555-620B-F20F-000000003702}6780C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a90ff|C:\Windows\System32\windows.storage.dll+a8d75|C:\Windows\System32\windows.storage.dll+a8866|C:\Windows\System32\windows.storage.dll+a9cd8|C:\Windows\System32\windows.storage.dll+a868e|C:\Windows\System32\windows.storage.dll+ab4a5|C:\Windows\System32\windows.storage.dll+ab824|C:\Windows\System32\windows.storage.dll+aae60|C:\Windows\System32\windows.storage.dll+ad68a|C:\Windows\System32\windows.storage.dll+ad442|C:\Windows\System32\SHELL32.dll+3fa6d|C:\Windows\System32\SHELL32.dll+3e606|C:\Windows\System32\SHELL32.dll+80381|C:\Windows\System32\SHELL32.dll+6731e|C:\Windows\System32\SHELL32.dll+18cf1c|C:\Windows\System32\SHELL32.dll+18cc73|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.802{BD6F876E-9555-620B-F20F-000000003702}6780C:\Temp\whispergate_mbr.exe-----"C:\Temp\whispergate_mbr.exe" C:\Temp\ATTACKRANGE\Administrator{BD6F876E-7482-620B-5244-1F0000000000}0x1f44522HighMD5=5D5C99A08A7D927346CA2DAFA7973FC1,SHA256=A196C6B8FFCB97FFB276D04F354696E2391311DB3841AE16C8C9F56F36A38E92,IMPHASH=3A2A2DE20DAA74D8F6921230416ED4E6{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 13241300x8000000000000000182314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDB-VerSetValue2022-02-15 11:58:13.789{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exe\REGISTRY\A\{4727834d-53ff-1bf6-aadb-ac92f5993fff}\Root\InventoryApplicationFile\whispergate_mbr.|3c29fbd79e8f1181\BinProductVersion(Empty) 13241300x8000000000000000182313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDB-CompileTimeClaimSetValue2022-02-15 11:58:13.789{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exe\REGISTRY\A\{4727834d-53ff-1bf6-aadb-ac92f5993fff}\Root\InventoryApplicationFile\whispergate_mbr.|3c29fbd79e8f1181\LinkDate01/10/2022 10:37:18 13241300x8000000000000000182312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDB-PubSetValue2022-02-15 11:58:13.789{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exe\REGISTRY\A\{4727834d-53ff-1bf6-aadb-ac92f5993fff}\Root\InventoryApplicationFile\whispergate_mbr.|3c29fbd79e8f1181\Publisher(Empty) 13241300x8000000000000000182311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDB-PathSetValue2022-02-15 11:58:13.789{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exe\REGISTRY\A\{4727834d-53ff-1bf6-aadb-ac92f5993fff}\Root\InventoryApplicationFile\whispergate_mbr.|3c29fbd79e8f1181\LowerCaseLongPathc:\temp\whispergate_mbr.exe 924900x8000000000000000182310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.789{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exe\Device\Harddisk0\DR0 924900x8000000000000000182309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.789{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exe\Device\HarddiskVolume1 13241300x8000000000000000182308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDBSetValue2022-02-15 11:58:13.774{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exeHKU\S-1-5-21-3597030025-2726966689-1449308675-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\whispergate_mbr.exeBinary Data 10341000x8000000000000000182307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.437{BD6F876E-9555-620B-F10F-000000003702}90166668C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.189{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9555-620B-F10F-000000003702}9016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.189{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9555-620B-F10F-000000003702}9016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.189{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.189{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.189{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.189{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.189{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9555-620B-F10F-000000003702}9016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.191{BD6F876E-9555-620B-F10F-000000003702}9016C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000182298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.152{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.074{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4025C234AE1B915C7DCAF915E9939486,SHA256=AD35D051D266088449DD7D9B10FAE62759F9ABA02D26243F64C83BEBBEDF31AD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:13.021{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.920{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\15466MD5=11D6DFA3438AF73BDC739C1B7A0BA151,SHA256=8280A049185794804097B7EFAD8DBE5ECABCCF30E7263C1F69FBBA443A21408B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:12.569{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51439-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000182338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.336{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE61C58A1CE14B2457EE299F12ED4FD3,SHA256=1173504C51036699AD8AD921FEF1B400A3ADDA00069D18D6D6ECDEFED0EAABFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.336{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C5103018049D5CBB2D1EA47514F8064,SHA256=BED60E33BBB214BC6B09A41BA69AFF939B8BC57D5802987A422125F6B0D13BB0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.174{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.074{BD6F876E-9555-620B-F30F-000000003702}57568140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.022{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000182344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDBSetValue2022-02-15 11:58:15.819{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exeHKU\S-1-5-21-3597030025-2726966689-1449308675-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\whispergate_mbr.exeBinary Data 23542300x8000000000000000182343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.188{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=453C4EDA35481385435A995B49E30E86,SHA256=998DDDE3F8885B21BE2B9F5BAE5BF91025BB207DAD0EA840BF300A1C8B86EB3B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.188{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.035{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182354Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.329{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local56745- 354300x8000000000000000182353Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.300{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53841- 354300x8000000000000000182352Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.298{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local49823- 354300x8000000000000000182351Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:14.297{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local56083- 10341000x8000000000000000182350Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:16.288{BD6F876E-5D61-620B-0B00-000000003702}6244648C:\Windows\system32\lsass.exe{BD6F876E-5D5F-620B-0100-000000003702}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+97022|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+2d0d6|C:\Windows\system32\lsasrv.dll+32919|C:\Windows\system32\lsasrv.dll+30267|C:\Windows\system32\lsasrv.dll+2f1f1|C:\Windows\system32\lsasrv.dll+1752d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e 23542300x8000000000000000182349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:16.206{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66087710079922AACF8A7118F97BBD06,SHA256=C3740FF9DDC980314BF33A848DEF7635D85161B14257CD7B5D8AFE8966A473BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:16.206{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:16.172{BD6F876E-5D61-620B-0B00-000000003702}6244648C:\Windows\system32\lsass.exe{BD6F876E-5D62-620B-1600-000000003702}1300C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:16.172{BD6F876E-5D61-620B-0B00-000000003702}6244648C:\Windows\system32\lsass.exe{BD6F876E-5D62-620B-1600-000000003702}1300C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\lsasrv.dll+6ea9c|C:\Windows\system32\lsasrv.dll+e6974|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:16.050{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182377Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.850{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182376Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.667{BD6F876E-5D5F-620B-0100-000000003702}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local51442-truefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local445microsoft-ds 354300x8000000000000000182375Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.667{BD6F876E-5D5F-620B-0100-000000003702}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local51442-truefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local445microsoft-ds 354300x8000000000000000182374Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.559{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51441-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000182373Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.559{BD6F876E-5D62-620B-1600-000000003702}1300C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51441-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000182372Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.551{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local51440-truefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local389ldap 354300x8000000000000000182371Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:15.551{BD6F876E-5D62-620B-1600-000000003702}1300C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local51440-truefe80:0:0:0:58c7:fa53:67cd:5eb3win-dc-tcontreras-attack-range-213.attackrange.local389ldap 10341000x8000000000000000182370Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.588{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182369Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.235{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4714B7F6138B0E6291D4F2B1A52A703,SHA256=C3865F20334CE99D9024AE2C65A176E21C908797FD84A48A31638569E33F2636,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182368Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.219{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182367Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.173{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DFD2ADBB98BD877DAC2388780FAC9B63,SHA256=6C616A0EFB2B86693EFFE63FB2124219E972B96EBE6203CC091BECBA1229197D,IMPHASH=00000000000000000000000000000000falsetrue 924900x8000000000000000182366Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.104{BD6F876E-9559-620B-F40F-000000003702}6836C:\Temp\whispergate_mbr.exe\Device\Harddisk0\DR0 10341000x8000000000000000182365Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-5D62-620B-1200-000000003702}3967024C:\Windows\System32\svchost.exe{BD6F876E-9559-620B-F40F-000000003702}6836C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182364Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-5D62-620B-1200-000000003702}396224C:\Windows\System32\svchost.exe{BD6F876E-9559-620B-F40F-000000003702}6836C:\Temp\whispergate_mbr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182363Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-5D62-620B-1200-000000003702}396224C:\Windows\System32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+3534e|C:\Windows\System32\RPCRT4.dll+20cc7|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182362Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182361Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182360Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-7481-620B-3B03-000000003702}35722324C:\Windows\system32\csrss.exe{BD6F876E-9559-620B-F40F-000000003702}6836C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.088{BD6F876E-7484-620B-4E03-000000003702}45968468C:\Windows\Explorer.EXE{BD6F876E-9559-620B-F40F-000000003702}6836C:\Temp\whispergate_mbr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a90ff|C:\Windows\System32\windows.storage.dll+a8d75|C:\Windows\System32\windows.storage.dll+a8866|C:\Windows\System32\windows.storage.dll+a9cd8|C:\Windows\System32\windows.storage.dll+a868e|C:\Windows\System32\windows.storage.dll+ab4a5|C:\Windows\System32\windows.storage.dll+ab824|C:\Windows\System32\windows.storage.dll+aae60|C:\Windows\System32\windows.storage.dll+ad68a|C:\Windows\System32\windows.storage.dll+ad442|C:\Windows\System32\SHELL32.dll+3fa6d|C:\Windows\System32\SHELL32.dll+3e606|C:\Windows\System32\SHELL32.dll+80381|C:\Windows\System32\SHELL32.dll+6731e|C:\Windows\System32\SHELL32.dll+18cf1c|C:\Windows\System32\SHELL32.dll+18cc73|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.099{BD6F876E-9559-620B-F40F-000000003702}6836C:\Temp\whispergate_mbr.exe-----"C:\Temp\whispergate_mbr.exe" C:\Temp\ATTACKRANGE\Administrator{BD6F876E-7482-620B-5244-1F0000000000}0x1f44522HighMD5=5D5C99A08A7D927346CA2DAFA7973FC1,SHA256=A196C6B8FFCB97FFB276D04F354696E2391311DB3841AE16C8C9F56F36A38E92,IMPHASH=3A2A2DE20DAA74D8F6921230416ED4E6{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000182355Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:17.051{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182380Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:18.255{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39E7C29EA8678A7204FA940490E11ACF,SHA256=8EE2F5668D67EB8B8BF76976096CD90ABDFC2F89208F758F402C246C016A60F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182379Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:18.234{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182378Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:18.071{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182384Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:19.270{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FB6A85B3FE1B43DA168DE46D89840C2,SHA256=8ADE6B8E96578599CEB7594CB2E32DE31E132FE40E7A60962747687EAB67286C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182383Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:19.248{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000182382Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.localInvDBSetValue2022-02-15 11:58:19.117{BD6F876E-5D62-620B-1200-000000003702}396C:\Windows\System32\svchost.exeHKU\S-1-5-21-3597030025-2726966689-1449308675-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\whispergate_mbr.exeBinary Data 10341000x8000000000000000182381Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:19.086{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182388Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:18.528{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51443-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000182387Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:20.284{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01F675C77CDE5D3C1A73835408063AC5,SHA256=6A6B1E06A51F1970891C9092C34E97BD5DE1848B968C63B5639977C9A1376016,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182386Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:20.269{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182385Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:20.100{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182391Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:21.299{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D084D97663D7291F9C598D5DB5511D63,SHA256=5713975DB2F07DEFD4499463AFE878CCD29BE59E7AE23DA0B57D6168AF9F00B0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:21.284{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182389Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:21.115{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:22.883{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\datareporting\glean\db\data.safe.binMD5=5377A4B755F76DA8A6B7BD501B1B9CBF,SHA256=ADDD73E821D9070D3991B5C57BF428212315728F3A0D12F4E0A257D600664BF6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:22.868{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:22.599{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:22.330{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05F02D2D7419FD85266F1EB5C2B873BF,SHA256=AB23EC779C30062CEC37DAFAC3B0BBF6AF48334C6EE7D43B070B68F1265854E5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182393Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:22.299{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:22.130{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:23.367{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E961BFD1F83B9CF555CB97A4187AA51,SHA256=9EB3CAFA5C49681E51D947C31CAC5CD06C4DE6D831ED099CECF511C2D0103093,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:23.314{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:23.130{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182403Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:24.383{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB13AAEFAF2F503DEC166A7C58DDB59D,SHA256=846994A188B23C11B7C494AEBEF461C64E0AC921B82F4E041954691A17EAED2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:24.329{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:24.145{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182407Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:25.383{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC3829688686D0508C61E49E5AE7282B,SHA256=176BB9BA4B63171651160C05D4D2124D8399775A890F04ADCEDD054CCC6AA6A7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:25.330{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:25.199{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\8442MD5=5207450942D15AECB0AE36DABA0C1A83,SHA256=C63509FB4AF5D3E5E4CED227490BA9C58CE33D4A802F0E6E457E67B90EC341CB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182404Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:25.146{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182414Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:24.444{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51444-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000182413Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:24.409{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local57666- 354300x8000000000000000182412Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:24.409{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50968- 354300x8000000000000000182411Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:24.407{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53293- 23542300x8000000000000000182410Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:26.398{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F17B80F6CBA4D2B69FB43320E19ADA0,SHA256=A68EDD98E465B2631769491AABF28B152C92EE6EB3A3107D6D70CD3D8A9D742B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182409Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:26.345{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182408Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:26.167{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182419Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:27.881{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182418Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:27.613{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182417Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:27.413{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE184BE57DB23160DD1A202F29D2D32D,SHA256=AF3CBF085D0604E1CCE60D8D4AEE97BA5E702BE9D11D3FA1CE988CD9A211F519,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182416Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:27.346{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182415Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:27.182{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182424Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:28.428{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF41D2A7532BA61E85C01E6349C1AFEE,SHA256=498730B3566452CF6020E87745213BDFA3326A8457954DDA2ABAB1594631597E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182423Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:28.365{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182422Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:28.196{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182421Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:28.049{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5FBAC415CA57B0245D389E96B1C5DA8C,SHA256=1A9DEE5FA54BBAE5934F4456D0A646EB38D9ED83198EF3A6313A961CF054E200,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182420Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:28.048{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C79012AC549A9BA02C765C716F6A782D,SHA256=F3085B2BA8C0B5163415AD57AC8143F8D86C819BE83488B3834C7F013860F715,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182437Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:29.464{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8308A2783CDA8F63F37CAA1EAAB4BC0,SHA256=AA7770694BA200EE1C80EFF047F478D3E566A6EB6A6FFB3ECB5189F7B9C27AD5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182436Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:29.380{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000182435Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000182434Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00dad8e7) 13241300x8000000000000000182433Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d8225a-0xf6f16d3c) 13241300x8000000000000000182432Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d82263-0x58b5d53c) 13241300x8000000000000000182431Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d8226b-0xba7a3d3c) 13241300x8000000000000000182430Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000182429Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00dad8e7) 13241300x8000000000000000182428Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d8225a-0xf6f16d3c) 13241300x8000000000000000182427Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d82263-0x58b5d53c) 13241300x8000000000000000182426Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:58:29.296{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d8226b-0xba7a3d3c) 10341000x8000000000000000182425Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:29.211{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182441Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:30.494{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16C6928984D2C1162969997CBA6C8780,SHA256=EF7974FC05C6307EF902DAE12C5E4F40F213ECA990A89B3D6D780FA28EC9BF12,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182440Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:30.394{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182439Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:30.226{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182438Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:30.043{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\24994MD5=148BE95232A8D62D92C06B4539B71480,SHA256=BCD478F817385EFBAC598FB903E1392060596F39DBF3EB110F22DE5EC6074248,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182445Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:29.471{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51445-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000182444Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:31.510{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A8E3EBB53BF4C714ED780E3128CFC51,SHA256=6C9C0DD6606E5A52203F8AA8D135F5E54A7B8FE437D2B11BE80A753ACA88DB76,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182443Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:31.395{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182442Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:31.241{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182450Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:32.896{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182449Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:32.627{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182448Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:32.527{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=483E5831561040DE2FABBC2018E74B6C,SHA256=85AC595539C77E5518E25E4E3284C1D40B657743C0AE7B1DC7DDD4320D0C5E0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182447Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:32.396{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182446Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:32.243{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182454Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:33.545{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85264330EB29EBC2A9D255EB6CD5AFE0,SHA256=F57B5483C13C7A44211F54DE620677C20D408217FC48D938025673A9B9BB154A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182453Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:33.411{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182452Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:33.295{BD6F876E-5D62-620B-1000-000000003702}400NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=538ECEBAC1E9763A30776EB50606C0FD,SHA256=603DFE61EDE7F5E559E4AAAC529E7451A95C7F5F9DD2A1456393EF491D1E55D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182451Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:33.265{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182457Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:34.562{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8090A1A3AF62A8B08406E4C80C81E508,SHA256=67CB9C4CC7A7FCE1C3B4AFC4C06CC5D5633E93198051D5E0BC1FA6F7A63E177A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182456Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:34.425{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182455Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:34.278{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182460Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:35.577{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF4DC2C17D0E1E2EAED0F07B2FC28D0B,SHA256=B2F26011F34A3E31D7518F9398E746ADD03454AAFE728452AF328C35AEE33601,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182459Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:35.440{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182458Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:35.293{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182465Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:34.506{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local56522- 354300x8000000000000000182464Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:34.502{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local63713- 23542300x8000000000000000182463Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:36.592{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F04C5BE6BD9297BB521B09AAC13F7DC,SHA256=14CA907A09B5147833E1AC1BA4B6CF8179801E4B01A3754C81DDEF058B160632,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182462Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:36.461{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182461Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:36.308{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182471Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:37.906{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182470Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:35.500{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51446-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000182469Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:37.637{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182468Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:37.606{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C56EDBFD1F5F80100AAF849FBE671F61,SHA256=8827C0C57CA7E6A837B380CC04F51E6A2D9F5BE1A8D919DE85A99F966020DAEE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182467Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:37.475{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182466Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:37.322{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182474Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:38.640{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DA9DAE60F43D4F9FC9F44DCD3ACA790,SHA256=9815DF8FF58FF70FB60C8D8DDCF8AD7F21EB66EFFB38C0B4383BEF6173EF19EA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182473Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:38.489{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182472Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:38.336{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182477Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:39.657{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5E5C7E11A70A51E267BD832F74CA254,SHA256=01E5CEBF5E086F1E4344877F3D097FA5C2CE836DD1154F23F5A88019D0967B57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182476Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:39.504{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182475Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:39.357{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182480Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:40.658{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A998C0EAA54698128ECAAE40F4B4018,SHA256=A811A4769FEA642CC762F99DC56744DF67EC41F8344B8B5A3D8603A844F3C7A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182479Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:40.505{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182478Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:40.358{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182484Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:41.658{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=575C4B3D567205F413A4312978DBE3C7,SHA256=8D5B857433811066934490DC80F371FB3E907B957A4BDC376530D1686DAD91A2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182483Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:41.520{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182482Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:41.374{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182481Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:41.321{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\datareporting\glean\db\data.safe.binMD5=2698C875F20EF6150AC2DFD124C5384E,SHA256=8B3F33E0D431FEC3C17CA9FFD66CB8246B93817A79ED16B3E4E02CF2B59DB10A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182490Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:42.920{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182489Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:42.673{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD61AE3DD5284BA6D559670BCC628514,SHA256=5EAD4128EA2CFBFDCB570E976AB04ACD43EC71F0FA7BE1A389EA44A85E3E6662,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182488Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:42.658{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182487Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:42.536{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182486Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:42.374{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182485Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:42.076{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\respondent-20220215075946-232MD5=7025492FB1EC8C8269D41863CFF34962,SHA256=B1F3EABB43E02B60652A4A1B84340FC0A4954EF456DB30059A9A5966425DEB16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182495Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:43.688{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84DDF8684979287319396E6F71432312,SHA256=2DF0EF9003DC2D8EBAC476E2509D19EF9298D425BF29672AFE6E2E3C9450F748,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182494Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:43.557{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182493Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:43.388{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182492Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:43.090{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\surveyor-20220215075944-233MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000182491Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:40.612{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51447-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000182498Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:44.703{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78F9F61297119650CFF4AAD48B576438,SHA256=5C8051359ABA17F9BF45D4C7E8B430F240174B7D17F9BC6506358D8B1DE249D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182497Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:44.572{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182496Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:44.403{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182501Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:45.717{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=167A3665EA81194C2D4D26362BC6058C,SHA256=9784AA810512CC606C60986DFFCAB5962ED17E28AF75DDAD5406A5A1615EED91,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182500Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:45.586{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182499Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:45.418{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182504Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:46.735{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2D08457A9620AED1EA258E3CEAC7BF8,SHA256=D80E97C5FBCE4C40504F8C1DE693AD8F9DF864754F88C7F5DE99BC0F791ED440,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182503Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:46.601{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182502Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:46.417{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182513Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:47.932{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182512Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:47.754{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71CB64D623FE7175E86C29EC2D73CE73,SHA256=A924456E04E6FB176A5A6E79982950939B3F5AA3B5CF0DC42ED023E7A323E5BE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182511Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:47.669{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182510Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:47.616{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182509Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:47.516{BD6F876E-5D70-620B-2B00-000000003702}2972NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=5EFB71941B65BFE05A751CD111932B40,SHA256=6E184D6D7F6FC2ADF175024AF93B2E137C05DBDE01B1E30F412273C3585EB82F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182508Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:47.432{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182507Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:44.696{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local63006- 354300x8000000000000000182506Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:44.664{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local56232- 354300x8000000000000000182505Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:44.086{BD6F876E-5D62-620B-0F00-000000003702}356C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse58.69.124.14358.69.124.143.pldt.net51842-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local3389ms-wbt-server 23542300x8000000000000000182518Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:48.784{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A009823B343AB32DA8BBB78950D6B3F2,SHA256=18A8D46A94696A7B80D0092B26A4F84E4400544C8228AFBA05C4B1AA0F592FE6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182517Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:48.631{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182516Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:48.431{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182515Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:48.200{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5056CE4900DF7F3B428DE25B676DE9DA,SHA256=AE950D3D36EDA25CB336F8807C74ACE94618A638B4B267165F766D13E8CE6577,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182514Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:48.200{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5FBAC415CA57B0245D389E96B1C5DA8C,SHA256=1A9DEE5FA54BBAE5934F4456D0A646EB38D9ED83198EF3A6313A961CF054E200,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182524Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:49.814{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7079464E6C8C0FC4D1D5AE26FF588923,SHA256=325006923F48593EB0D2D8DCB221BEEE24FA817EDCB561392CF04850C70848E5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182523Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:49.652{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182522Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:49.432{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182521Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:46.877{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51449-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x8000000000000000182520Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:46.430{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51448-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000182519Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:46.331{BD6F876E-5D62-620B-0F00-000000003702}356C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse13.90.242.18-60478-false10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local3389ms-wbt-server 23542300x8000000000000000182528Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:50.823{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E462E1E0ED7D391F4C6FF9014EE4E6A9,SHA256=B9FD749719B9F9C545E994DB8D616F1BD321B82F89CA68DEBA358CC65F09A162,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182527Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:50.661{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182526Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:50.439{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182525Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:50.292{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\28272MD5=65D8E812FFDC8CBF952900BFFCB1D0F0,SHA256=2C98C2477A3A54AEF2F0ED13BCDAE97152F45F886B2ED650B17D85FAB4944EB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182532Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:51.842{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94CDE060F8C284AE79F043D3264DA591,SHA256=70B2BB48BB40A2B85D60EB9320E42BC4CA1B31ACBD070AD3CBE6E8ED4AD771C0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182531Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:51.676{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182530Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:51.461{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182529Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:51.361{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\datareporting\glean\db\data.safe.binMD5=F6A095C97287DDFCD9C6C5DCE251560E,SHA256=6C20AB1871A35B47663F040CB391FDD49159CB0185DB724992E25A430CC0C1CB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182537Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:52.937{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182536Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:52.859{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=780DDEB7C7449F929856B26C888F9B7F,SHA256=6ABBD7BEBBAAEAEC63126FF00EB2941A71E51BAB994AC44E19AFDE22671F25D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182535Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:52.691{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182534Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:52.675{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182533Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:52.464{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182540Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:53.875{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6ABE95DC4A1520DD207722CE1A1853C,SHA256=5C2604D1DE4F0ADD44C561F39521E05634BBE02FC9BF63A4D4B42AB9E9DD54D2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182539Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:53.706{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182538Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:53.475{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182544Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.889{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2A2C77DC77B89A1CC92E3A5DA1328A4,SHA256=F6FFF8E6ADA5D2AF33E36465517FC08FB68496EFB8BE692BA5E4BD55C1AF897D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182543Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.721{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182542Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.490{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182541Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:51.514{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51450-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000182565Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.894{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B823D1A76255A487FC7C27A1CC6B626B,SHA256=F7962EF09C71BD6689DD1533AF9EC9CB80AE94A79DF879CC7553A28809A3ACF5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182564Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.778{BD6F876E-957F-620B-F60F-000000003702}89368024C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182563Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.725{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182562Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.541{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-957F-620B-F60F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182561Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.541{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182560Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.541{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182559Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.541{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182558Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.541{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182557Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.541{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-957F-620B-F60F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182556Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.541{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-957F-620B-F60F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182555Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.542{BD6F876E-957F-620B-F60F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000182554Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.494{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182553Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.425{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\3337MD5=842EF0507274D2FB179B0825677081A0,SHA256=2D0834A33C68940F177961721A15EE37A5A252E50B83FCE58E3C51818C300909,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182552Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.043{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-957F-620B-F50F-000000003702}9196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182551Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.041{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182550Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.041{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182549Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.040{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182548Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.040{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182547Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.040{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-957F-620B-F50F-000000003702}9196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182546Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.040{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-957F-620B-F50F-000000003702}9196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182545Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:55.037{BD6F876E-957F-620B-F50F-000000003702}9196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000182587Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.940{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5203E6A409A33AA939F2B86E559C3BCD,SHA256=C210E9D6185CFAF4B87978D0E49958FC2326150D9C4D954A69FA4C4FC9C756AA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182586Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.893{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9580-620B-F80F-000000003702}8792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182585Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.893{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182584Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.893{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182583Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.893{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182582Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.893{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182581Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.893{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9580-620B-F80F-000000003702}8792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182580Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.893{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9580-620B-F80F-000000003702}8792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182579Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.894{BD6F876E-9580-620B-F80F-000000003702}8792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000182578Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.740{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182577Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.493{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 23542300x8000000000000000182576Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.393{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\datareporting\glean\db\data.safe.binMD5=0D2958C8385296DFA14FCD60DBCF5731,SHA256=B00877D2E9AD7686617B13F8207C232648FE9676CCA57BD6035F9E54074F4498,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182575Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.209{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9580-620B-F70F-000000003702}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182574Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.209{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182573Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.209{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182572Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.209{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182571Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.209{BD6F876E-5D62-620B-0C00-000000003702}8447120C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182570Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.209{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-9580-620B-F70F-000000003702}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f 10341000x8000000000000000182569Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.209{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9580-620B-F70F-000000003702}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 154100x8000000000000000182568Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.210{BD6F876E-9580-620B-F70F-000000003702}6748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000182567Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.041{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E0B0C67087EEEC2B9998569624E718D,SHA256=24E19B451F925A3433D1A65F2AB4CFEE87D6F94376EA14834A3205E5F3B4364A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000182566Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:56.041{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5056CE4900DF7F3B428DE25B676DE9DA,SHA256=AE950D3D36EDA25CB336F8807C74ACE94618A638B4B267165F766D13E8CE6577,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182598Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:57.938{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182597Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:57.754{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182596Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:57.676{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000182595Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:57.508{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 354300x8000000000000000182594Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.818{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local64927- 354300x8000000000000000182593Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.817{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local63871- 354300x8000000000000000182592Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.788{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50447- 354300x8000000000000000182591Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.788{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local57632- 354300x8000000000000000182590Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:54.786{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50655- 23542300x8000000000000000182589Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:57.224{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E0B0C67087EEEC2B9998569624E718D,SHA256=24E19B451F925A3433D1A65F2AB4CFEE87D6F94376EA14834A3205E5F3B4364A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000182588Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:58:57.077{BD6F876E-9580-620B-F80F-000000003702}87928716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791