EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180832
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:53:59.992
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 6568
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x100000
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180831
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:53:59.439
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180830
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:53:59.424
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=F097DBA737977E2CCA185022133131A9,SHA256=AD918B9E076D0F0725895A968267182C9D04AF900596237F193F783B8F299B86,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180834
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:00.454
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180833
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:00.439
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=59DC1BD6BBB1F1044E8548015B230856,SHA256=A46F0DC9313D3CF328129F34C473424A5EE7C7CEAE3407957546E41D53A6D27C,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180838
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.457
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=3F811ACA4789F4EE91D13FD95F79EB10,SHA256=79D040242C909120A2F1F413044DBB1A1ED46A2193C52C94F6DE3FEE33D8E8AC,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180837
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.454
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180836
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.407
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security
Hashes: MD5=BECFB4CDF70213664F6977ED6135CA9B,SHA256=58FE1736AFB0F1FC9A09A8F4FD8BB050C8A2ECBAC4E8B24D549FD20EB055EFB4,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180835
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.007
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 6568
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x100000
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180845
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:02.475
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=E0C2DC69864F767E4464E8B65599682F,SHA256=25D436F9090937AD872441BFFEFC23F2AC2E667B9ECEE609342D19DA7E97B500,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180844
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:02.475
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180843
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:02.291
SourceProcessGUID: {BD6F876E-7D94-620B-DF04-000000003702}
SourceProcessId: 7212
SourceThreadId: 7216
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D93-620B-D704-000000003702}
TargetProcessId: 5508
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180842
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:53:59.755
ProcessGuid: {BD6F876E-5D61-620B-0B00-000000003702}
ProcessId: 624
Image: C:\Windows\System32\lsass.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: false
SourceIsIpv6: true
SourceIp: 0:0:0:0:0:0:0:1
SourceHostname: win-dc-tcontreras-attack-range-213.attackrange.local
SourcePort: 51382
SourcePortName: -
DestinationIsIpv6: true
DestinationIp: 0:0:0:0:0:0:0:1
DestinationHostname: win-dc-tcontreras-attack-range-213.attackrange.local
DestinationPort: 389
DestinationPortName: ldap

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180841
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:53:59.755
ProcessGuid: {BD6F876E-5D70-620B-2300-000000003702}
ProcessId: 2764
Image: C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: true
SourceIp: 0:0:0:0:0:0:0:1
SourceHostname: win-dc-tcontreras-attack-range-213.attackrange.local
SourcePort: 51382
SourcePortName: -
DestinationIsIpv6: true
DestinationIp: 0:0:0:0:0:0:0:1
DestinationHostname: win-dc-tcontreras-attack-range-213.attackrange.local
DestinationPort: 389
DestinationPortName: ldap

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180840
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:02.023
SourceProcessGUID: {BD6F876E-7D94-620B-D904-000000003702}
SourceProcessId: 6828
SourceThreadId: 6908
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D93-620B-D704-000000003702}
TargetProcessId: 5508
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180839
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:02.023
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 6568
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x100000
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180853
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:03.490
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=EF4257832C68E1EAC86278653AC5A44D,SHA256=C48CACCF56A58B4CD8596F64DB922536BD0D35CAEA01E540C53870E94E876450,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180852
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:03.490
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180851
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:03.390
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security
Hashes: MD5=8C067BF684E2CE2FFDC878A4ED62E1D5,SHA256=F15E0A27DB7D3AC32BDD75AA33AF5BD14B87C990F1D5C14383FFB8A9419EE94D,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180850
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.457
ProcessGuid: {BD6F876E-5D70-620B-2700-000000003702}
ProcessId: 2916
Image: C:\Windows\System32\dns.exe
User: NT AUTHORITY\SYSTEM
Protocol: udp
Initiated: false
SourceIsIpv6: true
SourceIp: 0:0:0:0:0:0:0:1
SourceHostname: win-dc-tcontreras-attack-range-213.attackrange.local
SourcePort: 53
SourcePortName: domain
DestinationIsIpv6: true
DestinationIp: 0:0:0:0:0:0:0:1
DestinationHostname: win-dc-tcontreras-attack-range-213.attackrange.local
DestinationPort: 51245
DestinationPortName: -

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180849
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.456
ProcessGuid: {BD6F876E-5D70-620B-2700-000000003702}
ProcessId: 2916
Image: C:\Windows\System32\dns.exe
User: NT AUTHORITY\SYSTEM
Protocol: udp
Initiated: false
SourceIsIpv6: true
SourceIp: 0:0:0:0:0:0:0:1
SourceHostname: win-dc-tcontreras-attack-range-213.attackrange.local
SourcePort: 53
SourcePortName: domain
DestinationIsIpv6: true
DestinationIp: 0:0:0:0:0:0:0:1
DestinationHostname: win-dc-tcontreras-attack-range-213.attackrange.local
DestinationPort: 56464
DestinationPortName: -

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180848
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:00.555
ProcessGuid: {BD6F876E-5D7A-620B-6A00-000000003702}
ProcessId: 3180
Image: C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe
User: NT AUTHORITY\SYSTEM
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: 10.0.1.14
SourceHostname: win-dc-tcontreras-attack-range-213.attackrange.local
SourcePort: 51383
SourcePortName: -
DestinationIsIpv6: false
DestinationIp: 10.0.1.12
DestinationHostname: ip-10-0-1-12.eu-central-1.compute.internal
DestinationPort: 8000
DestinationPortName: -

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180847
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:00.486
ProcessGuid: {BD6F876E-5D62-620B-0F00-000000003702}
ProcessId: 356
Image: C:\Windows\System32\svchost.exe
User: NT AUTHORITY\NETWORK SERVICE
Protocol: tcp
Initiated: false
SourceIsIpv6: false
SourceIp: 58.69.124.143
SourceHostname: 58.69.124.143.pldt.net
SourcePort: 61682
SourcePortName: -
DestinationIsIpv6: false
DestinationIp: 10.0.1.14
DestinationHostname: win-dc-tcontreras-attack-range-213.attackrange.local
DestinationPort: 3389
DestinationPortName: ms-wbt-server

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180846
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:03.037
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 6568
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x100000
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180858
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:04.505
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=A3B29AE84D0BACFDB71C2D3640FD7D73,SHA256=9F1608421CC836FFF5D4DCF23660BC15F12DB066BE30DED38605348049E30210,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180857
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:04.505
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180856
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.488
ProcessGuid: {BD6F876E-5D70-620B-2700-000000003702}
ProcessId: 2916
Image: C:\Windows\System32\dns.exe
User: NT AUTHORITY\SYSTEM
Protocol: udp
Initiated: false
SourceIsIpv6: true
SourceIp: 0:0:0:0:0:0:0:1
SourceHostname: win-dc-tcontreras-attack-range-213.attackrange.local
SourcePort: 53
SourcePortName: domain
DestinationIsIpv6: true
DestinationIp: 0:0:0:0:0:0:0:1
DestinationHostname: win-dc-tcontreras-attack-range-213.attackrange.local
DestinationPort: 62747
DestinationPortName: -

EventID: 3 (NetworkConnect)  Version: 5  Level: 4  Task: 3  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180855
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:01.460
ProcessGuid: {BD6F876E-5D70-620B-2700-000000003702}
ProcessId: 2916
Image: C:\Windows\System32\dns.exe
User: NT AUTHORITY\SYSTEM
Protocol: udp
Initiated: false
SourceIsIpv6: true
SourceIp: 0:0:0:0:0:0:0:1
SourceHostname: win-dc-tcontreras-attack-range-213.attackrange.local
SourcePort: 53
SourcePortName: domain
DestinationIsIpv6: true
DestinationIp: 0:0:0:0:0:0:0:1
DestinationHostname: win-dc-tcontreras-attack-range-213.attackrange.local
DestinationPort: 62965
DestinationPortName: -

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180854
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:04.052
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 6568
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x100000
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 11 (FileCreate)  Version: 2  Level: 4  Task: 11  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180863
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:05.973
ProcessGuid: {BD6F876E-75E2-620B-8E03-000000003702}
ProcessId: 2792
Image: C:\Program Files\Mozilla Firefox\firefox.exe
TargetFilename: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\SiteSecurityServiceState.txt
CreationUtcTime: 2022-02-15 09:49:05.705

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180862
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:05.973
ProcessGuid: {BD6F876E-75E2-620B-8E03-000000003702}
ProcessId: 2792
User: ATTACKRANGE\Administrator
Image: C:\Program Files\Mozilla Firefox\firefox.exe
TargetFilename: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\SiteSecurityServiceState.txt
Hashes: MD5=1882A5DAAF54528FE1D22D09A05F38EA,SHA256=90B99A9D017C25CAD83F0EB9F0B902EBFD3770C6539D62E2600914515FA752F9,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180861
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:05.505
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=6B173935131302404133A2DA9CF09498,SHA256=B514990FF2C3D3A8B6B549A5CE5F8E2FAF578AA3258A63A11D251FFBBBEB904A,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180860
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:05.505
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180859
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:05.053
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 6568
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x100000
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180866
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:06.520
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=9F75B298CFA85B377E8CF5A0575543C8,SHA256=C0C20D8D1B03426F55A92703C5867057EAA7124CA445E6B14371D0E4CE275172,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180865
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:06.520
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 4616
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x1401
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 10 (ProcessAccess)  Version: 3  Level: 4  Task: 10  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180864
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:06.073
SourceProcessGUID: {BD6F876E-7D93-620B-D804-000000003702}
SourceProcessId: 5188
SourceThreadId: 6568
SourceImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
TargetProcessGUID: {BD6F876E-7D91-620B-D504-000000003702}
TargetProcessId: 6388
TargetImage: C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe
GrantedAccess: 0x100000
CallTrace: C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791

EventID: 23 (FileDelete)  Version: 5  Level: 4  Task: 23  Opcode: 0  Keywords: 0x8000000000000000  EventRecordID: 180872
Channel: Microsoft-Windows-Sysmon/Operational  Computer: win-dc-tcontreras-attack-range-213.attackrange.local
RuleName: -
UtcTime: 2022-02-15 11:54:07.520
ProcessGuid: {BD6F876E-5D81-620B-7300-000000003702}
ProcessId: 3308
User: NT AUTHORITY\SYSTEM
Image: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe
TargetFilename: C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational
Hashes: MD5=537218115FA928339971D206644E043B,SHA256=F7C5081EBB7573C85DB84AB59E2257C3F41CFAD04F4BDBD367892D8A2834AEE7,IMPHASH=00000000000000000000000000000000
IsExecutable: false
Archived: true

10341000x8000000000000000180871Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.520{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180870Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.305{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180869Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.089{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\24346MD5=81940AA0788732E56329DCA75FED8467,SHA256=E02179A5EA5CE0AD361A4816D6BAC67B1DFD1658ECD1E5B1DB01C2FFDF64E19C,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180868Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.074{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180867Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:07.036{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180875Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:08.535{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0176E6FEB8F541959A97975239B9E50C,SHA256=60E779E60BDFBA4E6D511FEDA5293E596AF5014710BC6EB27C02572A87D56946,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180874Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:08.535{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180873Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:08.088{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180879Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:09.571{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79D1ADAB2F39A610D1013613D3AE9BAC,SHA256=578E73FBD835AE646BBEBDA175F7B54BBD9AAA295B6A5D4BF4E6FD547738E02F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180878Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:09.550{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000180877Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:06.431{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51384-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000180876Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:09.099{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180882Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:10.586{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26E7248465C7EB75FD82C5D62FF69C68,SHA256=E9D887C79F37B83DA16DD1A35DBB027B50F97C435C97690198BF55F1508CA10E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180881Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:10.570{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180880Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:10.102{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180885Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:11.601{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC1D15B4BE938BD297C30191A7333647,SHA256=CCF984B00EEE69B4496A3FB8EC3855AA0E8260C17F4212ACB7E39828FA19701A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180884Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:11.585{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180883Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:11.117{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180899Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180898Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AF7B8590D7E1FF38BF43FC1FCC370B5,SHA256=012EB2430525C7E54ADF41328A057FEF7A303B0B51B30E134EF8B2E4BEE0FFFF,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180897Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180896Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180895Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180894Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180893Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x8000000000000000180892Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.615{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x8000000000000000180891Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.616{BD6F876E-9464-620B-D20F-000000003702}8936C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000180890Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.599{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180889Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.315{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180888Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.200{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\19229MD5=D75BD0BF34AE949CEBE403C02DFC4C43,SHA256=5D003925CB7F4AC6AE6792B13035584C50180BC7F9B3EEE585551CC081F577C9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180887Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.131{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180886Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.047{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180921Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180920Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180919Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180918Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180917Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x8000000000000000180916Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180915Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.800{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x8000000000000000180914Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.801{BD6F876E-9465-620B-D40F-000000003702}8356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000180913Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.616{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B321953EB42AF0663C9F0B1B951BC1C,SHA256=B9EC7959BC96E2C33E321114522D47D75FAA92F3CDBE63F87FA194BD0C7D3D74,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000180912Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.616{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E137D976D454EB41293498AB70FD73B8,SHA256=E67E915441686E05AEC0C9F2E413BC252B4206DE0AA83BF8EB5E2E08E8029780,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000180911Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.616{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D32FD728D97CAF18BC6583509B017E10,SHA256=A7334AB5D25EABC1A0059FFF45F1AC724C7666E3199467302742BF20C4776E65,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180910Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.600{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180909Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.331{BD6F876E-9465-620B-D30F-000000003702}83885760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180908Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.146{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180907Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180906Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180905Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180904Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180903Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180902Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x8000000000000000180901Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.115{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x8000000000000000180900Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:13.116{BD6F876E-9465-620B-D30F-000000003702}8388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x8000000000000000180926Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.808{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E137D976D454EB41293498AB70FD73B8,SHA256=E67E915441686E05AEC0C9F2E413BC252B4206DE0AA83BF8EB5E2E08E8029780,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000180925Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.623{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=937F5DAA0FC0A1626C4D8D57FCC0DB1F,SHA256=6F3CF7BCC198469D9E2DD9FBFDA52FC7D44809A2FAEE2D1758CB6C35D600AB0D,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180924Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.608{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180923Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.162{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180922Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:14.133{BD6F876E-9465-620B-D40F-000000003702}83568812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180930Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:15.660{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3076885D2E191647931D552E74F9CDDE,SHA256=7BADF6A693B2383F354AA71554A749906782C5658EF7BE4A6F8CF8BA27F625A5,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180929Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:15.607{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000180928Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:12.478{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51385-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000180927Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:15.176{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180933Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:16.676{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FFE719F6726585D42E2B91F1E79B515,SHA256=B8999D29BBA7E5E64C14606351C8C66C608850810C69FAEE497FEC4478C911EB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180932Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:16.623{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180931Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:16.191{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180978Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.890{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6EC79E3910901170884C73FE09E00F5,SHA256=46E963AF96F675A0C69FDFC3FC1D03702B2E463D0D3797564920C98BBAE17C6B,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180977Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.637{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180976Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.322{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180975Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.206{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180974Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.060{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180973Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.041{BD6F876E-5D62-620B-0D00-000000003702}9049096C:\Windows\system32\svchost.exe{BD6F876E-5D62-620B-1600-000000003702}1300C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180972Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180971Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180970Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7486-620B-5303-000000003702}4212C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180969Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180968Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180967Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180966Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180965Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180964Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.040{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-80DA-620B-C40C-000000003702}7632C:\Windows\ImmersiveControlPanel\SystemSettings.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180963Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180962Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180961Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180960Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180959Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180958Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180957Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180956Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180955Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180954Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180953Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180952Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180951Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180950Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180949Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180948Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180947Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180946Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180945Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180944Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7484-620B-4E03-000000003702}4596C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180943Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180942Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.039{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2A00-000000003702}2952C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180941Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180940Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180939Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180938Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180937Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180936Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180935Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180934Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:17.038{BD6F876E-5D62-620B-0D00-000000003702}904924C:\Windows\system32\svchost.exe{BD6F876E-7485-620B-5103-000000003702}5028C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a31|c:\windows\system32\rpcss.dll+43b62|c:\windows\system32\rpcss.dll+43e9f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14412|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180983Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.905{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFD10E37F9DB4575854160A73CF8F211,SHA256=EDFE3BCD560541768B71FE4290AECFA5416418D8433F61EF702F2B11CF1F260A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180982Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.638{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180981Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.274{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=40D81D9E519E9B4337E1273D02DEA199,SHA256=4B0CAC2724BB105F61E6D7FDC698428DC3997069530EE2BAEA6B464ACFAA736F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000180980Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.274{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6lia0t9e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180979Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.221{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180986Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:19.921{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E5E35353B0F8567AA867261A977055F,SHA256=7F0E5B19DEE8EF59C24113190C03674E21560FF68C38E65069D4FA7B083589A9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180985Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:19.639{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180984Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:19.236{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180989Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:20.958{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44EA45BE29A66A9EE2440F2B82A0DA6A,SHA256=27C8ABEDB6C020A9270FB80F62675D2D32FA48D370F3D2B7B384B8D48532D881,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000180988Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:20.658{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180987Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:20.258{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180994Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.989{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC46F1E86BD3C6A37E7B31D4A8510CBA,SHA256=F2452ADA864A9569EB74184908FDDEBD05A80D095BB5A27D9C2209EEED690973,IMPHASH=00000000000000000000000000000000falsetrue
13241300x8000000000000000180993Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:54:21.857{BD6F876E-5D62-620B-1100-000000003702}476C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d82262-0xc53b8445)
10341000x8000000000000000180992Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.673{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000180991Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:18.436{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51386-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000180990Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.273{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180998Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.673{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180997Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.336{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180996Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.289{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000180995Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:22.073{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181005Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:23.688{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000181004Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.738{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50205-
354300x8000000000000000181003Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.737{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53050-
354300x8000000000000000181002Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.701{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53520-
354300x8000000000000000181001Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:21.700{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54835-
10341000x8000000000000000181000Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:23.304{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000180999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:23.004{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75F888254AE8DCCE2945300179C6660B,SHA256=FCE8FB63318D3C4A482C8AC630754FC1D11201AE4364BAA261374F032AE423B8,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181008Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:24.688{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181007Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:24.319{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181006Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:24.019{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5533E40EC1F2777B919C2909AAB881EE,SHA256=D1A4AE1756C346E5A88189E70010B049AECDD7545D63F5124D9D9D67C301A8D4,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181011Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:25.703{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181010Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:25.335{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181009 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:25.019 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=CF617062E04E89E635C854192839599D,SHA256=9C3A461960C1C13576967ACE8836E769408116FB7EB553A4F41FE7222B1657B2,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181015 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:26.703 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=3 | Version=5 | Level=4 | Task=3 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181014 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:23.598 | ProcessGuid={BD6F876E-5D7A-620B-6A00-000000003702} | ProcessId=3180 | Image=C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | User=NT AUTHORITY\SYSTEM | Protocol=tcp | Initiated=true | SourceIsIpv6=false | SourceIp=10.0.1.14 | SourceHostname=win-dc-tcontreras-attack-range-213.attackrange.local | SourcePort=51387 | SourcePortName=- | DestinationIsIpv6=false | DestinationIp=10.0.1.12 | DestinationHostname=ip-10-0-1-12.eu-central-1.compute.internal | DestinationPort=8000 | DestinationPortName=-
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181013 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:26.335 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181012 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:26.019 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=0E519B55E572EAB1C8D4C0D662E5E83F,SHA256=F36C492CD1114DC84AE425987DD48891313EB135AC63ED57529E85E20D424826,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181021 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:27.718 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181020 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:27.356 | SourceProcessGUID={BD6F876E-7D94-620B-DF04-000000003702} | SourceProcessId=7212 | SourceThreadId=7216 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D93-620B-D704-000000003702} | TargetProcessId=5508 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181019 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:27.356 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181018 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:27.335 | ProcessGuid={BD6F876E-75E2-620B-8E03-000000003702} | ProcessId=2792 | User=ATTACKRANGE\Administrator | Image=C:\Program Files\Mozilla Firefox\firefox.exe | TargetFilename=C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\26502 | Hashes=MD5=5BD23A0AAF9373D7B65D49086EB2C4F0,SHA256=B5837C80EC4753FF55C9B3F1130DAD36FAB4F41B1EAEFD56D4FE3BC303F697BE,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181017 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:27.087 | SourceProcessGUID={BD6F876E-7D94-620B-D904-000000003702} | SourceProcessId=6828 | SourceThreadId=6908 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D93-620B-D704-000000003702} | TargetProcessId=5508 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181016 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:27.038 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=9329C579C5EFA3844A274B1C805C6537,SHA256=D001A9DAF2CC0D387EBB5DCAC9DBE1F0E31C0EB0BBF26349B5CE8F880AE7A8C6,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181024 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:28.733 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181023 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:28.371 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181022 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:28.055 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=681681C5B7A0D35C3FD7E0A612C3EC2E,SHA256=C838EAE2A86CB6B047C524989BC4F1BEC34A596F33ABDF6CA27A0DC17237FC58,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181027 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:29.754 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181026 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:29.386 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181025 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:29.070 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=000B623563C3F2ACD4B4DCCAAE6DABCA,SHA256=16C02B8B89667B8C4853E134318A9E0522EC42F8C845D6DBC264CDE825ED921A,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181030 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:30.769 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181029 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:30.401 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181028 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:30.085 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=4B93EDC46F67BC8468567D6BE2D72739,SHA256=1671EF97951623460C8EE0B45081DBF51ACD7A116C118997509ACFE298109EC4,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181034 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:31.784 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=3 | Version=5 | Level=4 | Task=3 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181033 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:29.548 | ProcessGuid={BD6F876E-5D7A-620B-6A00-000000003702} | ProcessId=3180 | Image=C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe | User=NT AUTHORITY\SYSTEM | Protocol=tcp | Initiated=true | SourceIsIpv6=false | SourceIp=10.0.1.14 | SourceHostname=win-dc-tcontreras-attack-range-213.attackrange.local | SourcePort=51388 | SourcePortName=- | DestinationIsIpv6=false | DestinationIp=10.0.1.12 | DestinationHostname=ip-10-0-1-12.eu-central-1.compute.internal | DestinationPort=8000 | DestinationPortName=-
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181032 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:31.416 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181031 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:31.100 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=9C607B153A46E1915DBC1DCF7201174C,SHA256=8458746242B9A77BE0EA8384771584E5BB2054959B6F63CF16F2C7F7191A8DF1,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181040 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:32.785 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181039 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:32.468 | ProcessGuid={BD6F876E-75E2-620B-8E03-000000003702} | ProcessId=2792 | User=ATTACKRANGE\Administrator | Image=C:\Program Files\Mozilla Firefox\firefox.exe | TargetFilename=C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\14629 | Hashes=MD5=59A9EDB44BC083D09A5FCF7AC0BE38F0,SHA256=ACEE5AE4F05DF9A4271B28C892234052F28BEA4AC7447A04C06842E6CB8AACE7,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181038 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:32.431 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181037 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:32.368 | SourceProcessGUID={BD6F876E-7D94-620B-DF04-000000003702} | SourceProcessId=7212 | SourceThreadId=7216 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D93-620B-D704-000000003702} | TargetProcessId=5508 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181036 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:32.137 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=AD52097B1D2CFD7E3B78057139E647FE,SHA256=752CBB12B5A9761BF630BC36CEDA4CF76848512A4BD2718ADCE2ACD66D46C07A,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181035 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:32.100 | SourceProcessGUID={BD6F876E-7D94-620B-D904-000000003702} | SourceProcessId=6828 | SourceThreadId=6908 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D93-620B-D704-000000003702} | TargetProcessId=5508 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181046 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:33.800 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=3 | Version=5 | Level=4 | Task=3 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181045 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:31.867 | ProcessGuid={BD6F876E-5D70-620B-2700-000000003702} | ProcessId=2916 | Image=C:\Windows\System32\dns.exe | User=NT AUTHORITY\SYSTEM | Protocol=udp | Initiated=false | SourceIsIpv6=true | SourceIp=0:0:0:0:0:0:0:1 | SourceHostname=win-dc-tcontreras-attack-range-213.attackrange.local | SourcePort=53 | SourcePortName=domain | DestinationIsIpv6=true | DestinationIp=0:0:0:0:0:0:0:1 | DestinationHostname=win-dc-tcontreras-attack-range-213.attackrange.local | DestinationPort=63425 | DestinationPortName=-
EventID=3 | Version=5 | Level=4 | Task=3 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181044 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:31.848 | ProcessGuid={BD6F876E-5D70-620B-2700-000000003702} | ProcessId=2916 | Image=C:\Windows\System32\dns.exe | User=NT AUTHORITY\SYSTEM | Protocol=udp | Initiated=false | SourceIsIpv6=true | SourceIp=0:0:0:0:0:0:0:1 | SourceHostname=win-dc-tcontreras-attack-range-213.attackrange.local | SourcePort=53 | SourcePortName=domain | DestinationIsIpv6=true | DestinationIp=0:0:0:0:0:0:0:1 | DestinationHostname=win-dc-tcontreras-attack-range-213.attackrange.local | DestinationPort=54147 | DestinationPortName=-
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181043 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:33.453 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181042 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:33.253 | ProcessGuid={BD6F876E-5D62-620B-1000-000000003702} | ProcessId=400 | User=NT AUTHORITY\LOCAL SERVICE | Image=C:\Windows\System32\svchost.exe | TargetFilename=C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat | Hashes=MD5=34F52A8CDC2EC8BA56EDB24E2D48B181,SHA256=FD74A6D14D1F9481DF03F06D252DA3ED17EFD992770EBFE9A397A1F7F5731BF4,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=23 | Version=5 | Level=4 | Task=23 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181041 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:33.153 | ProcessGuid={BD6F876E-5D81-620B-7300-000000003702} | ProcessId=3308 | User=NT AUTHORITY\SYSTEM | Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe | TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational | Hashes=MD5=CB806D4F1BF759B2A6727E6C3066D166,SHA256=C6B75392243E0A3CD11B003C14DD17A0360342EBF376C53DDC8B06F73580F0E1,IMPHASH=00000000000000000000000000000000 | IsExecutable=false | Archived=true
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181050 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:34.800 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=4616 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x1401 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
EventID=22 | Version=5 | Level=4 | Task=22 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181049 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:32.469 | ProcessGuid={BD6F876E-75E2-620B-8E03-000000003702} | ProcessId=2792 | QueryName=e13630.dscb.akamaiedge.net | QueryStatus=0 | QueryResults=2a02:26f0:1700:1aa::353e;2a02:26f0:1700:195::353e;2a02:26f0:1700:1b0::353e; | Image=C:\Program Files\Mozilla Firefox\firefox.exe
EventID=10 | Version=3 | Level=4 | Task=10 | Opcode=0 | Keywords=0x8000000000000000 | EventRecordID=181048 | Channel=Microsoft-Windows-Sysmon/Operational | Computer=win-dc-tcontreras-attack-range-213.attackrange.local | RuleName=- | UtcTime=2022-02-15 11:54:34.453 | SourceProcessGUID={BD6F876E-7D93-620B-D804-000000003702} | SourceProcessId=5188 | SourceThreadId=6568 | SourceImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | TargetProcessGUID={BD6F876E-7D91-620B-D504-000000003702} | TargetProcessId=6388 | TargetImage=C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe | GrantedAccess=0x100000 | CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181047Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:34.168{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6920FF3CCDC026FCCF439AD93C734627,SHA256=92F3D83AE08D5DDB952B57A7DDB0C4CEAA86C697113EF644D4F022F86733695A,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000181054Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.918{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\respondent-20220215075946-228MD5=7025492FB1EC8C8269D41863CFF34962,SHA256=B1F3EABB43E02B60652A4A1B84340FC0A4954EF456DB30059A9A5966425DEB16,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181053Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.815{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181052Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.468{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181051Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.168{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C394EA6C383E6091FF6385CE4ED5FF44,SHA256=8A769E323DBCF9617C20C5251FAC65E55C42FAD7D1E382040A631E452931564F,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000181058Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.931{BD6F876E-5D70-620B-2500-000000003702}2784NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0846a354d6920bec6\channels\health\surveyor-20220215075944-229MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181057Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.830{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181056Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.483{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181055Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:36.183{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EBD3AC8C7A4C262FB289ED97116BE27,SHA256=0DC2047DF9682F8A29CD938B1463FC168F9D7C85C9CBB6E8E4CA4714081258DF,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181064Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:35.546{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51389-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000181063Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.830{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181062Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.488{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181061Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.383{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181060Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.199{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=171E6172AF226CB60C7DAC45F2F72B64,SHA256=0EE5505A6EB6C00C3F3D94B91B8BDECAB951FD2ADD310A0A6547444F92834CCE,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181059Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:37.114{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181067Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:38.830{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181066Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:38.499{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181065Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:38.214{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAB83936268E8E61213774264F0C2BF4,SHA256=F9D7144974B47F95D9FEF89AC6BBAC563814E91E1931012B70DD0E404FB6EA94,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181070Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:39.829{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181069Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:39.513{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181068Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:39.251{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB7CDC8E57C54D0E7DFE254D312A6C03,SHA256=74683A556DC4BF22F8FFBE4359D33960F9F2305392EDAF867CA367D5389EBC31,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181073Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:40.849{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181072Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:40.528{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181071Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:40.281{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7C529E813D94A91C7B5114F439DE47B,SHA256=492D686CAC22D71BC27DEB276688D308F874F4B63A2BE8A072FDAAF7EC338E18,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181076Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:41.863{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181075Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:41.548{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181074Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:41.311{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C910D7583DFEAC98305A255704258AD,SHA256=F897F3ACF9649E2B2533026D5CEA6C417C7C80F7FD6AA53030CD0B896BEE6AE0,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181081Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:42.879{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181117Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.420{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181116Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.158{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181115Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.005{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181123Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:53.719{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181122Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:53.557{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE0CA227E7AF1070AD4DBB5A92F97368,SHA256=D3DA6482573425D4BF9350BF718B5E2A6930594F736DDA1097C0852DB3A991FD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181121Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:53.004{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181131Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:54.740{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181130Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:54.587{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=251F70FB11523447477FEF28E417AA2B,SHA256=67DCCB6EEC570E2C7535689534A4CC4ED85CE6F5371722736C16BAB9041CAF3B,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181129Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.069{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local65139-
354300x8000000000000000181128Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.068{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51949-
354300x8000000000000000181127Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.039{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local49291-
354300x8000000000000000181126Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.038{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53514-
354300x8000000000000000181125Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.037{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local64573-
10341000x8000000000000000181124Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:54.019{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181151Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181150Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181149Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181148Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181147Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D60-620B-0500-000000003702}40896C:\Windows\system32\csrss.exe{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x8000000000000000181146Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181145Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.856{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x8000000000000000181144Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.857{BD6F876E-948F-620B-D60F-000000003702}7340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000181143Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.740{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181142Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.587{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50C8F33B4B3C52CA22EB26204B7E4651,SHA256=7814AFDA46A773CD0D8D7551FCBAC190745EF08061A41700FDDCF3D16D91D17F,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181141Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:52.620{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51393-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000181140Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-948F-620B-D50F-000000003702}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181139Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181138Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181137Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181136Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181135Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D60-620B-0500-000000003702}408524C:\Windows\system32\csrss.exe{BD6F876E-948F-620B-D50F-000000003702}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x8000000000000000181134Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:55.202{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-948F-620B-D50F-000000003702}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181194Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.836{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181193Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.698{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=162E505CC739BA369FBF81E8B6931A21,SHA256=B955568961CE1CDF1838D37218F25F01DA4BCA01423B53AFDD992E12EF87A690,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000181192Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.399{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0B15F5FC6F5265FABD57AABB2BDB871,SHA256=C2FF4B5EBB24D526015D9BD31970F30DF6466A639C5E59FA5267A44C497FE788,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181191Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:01.099{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181201Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.850{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181200Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.719{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A160E01AE8DD5BA804C5D1A13835AEA1,SHA256=78D7899831449AA8C308C482E8325A55F985AB4F648094141536CC652FD6EEBC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181199Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.451{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000181198Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:59.762{BD6F876E-5D61-620B-0B00-000000003702}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51395-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap
354300x8000000000000000181197Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:54:59.762{BD6F876E-5D70-620B-2300-000000003702}2764C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local51395-true0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local389ldap
10341000x8000000000000000181196Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.182{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181195Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.113{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181204Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:03.865{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181203Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:03.734{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4CCD40E7EA9E892583A95C86B9CE0A3A,SHA256=835B9BFC4AAD5CC7AD6159B40D4B7B2B623915BA71D8BBA202DE8D529E0FB40E,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181202Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:03.134{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181208Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.880{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181207Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.765{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AC5148EEEF2A2F7A07DD9768539C4B2,SHA256=1FBA06A44C6311995BF17A776C62C79A21FDE26EA1A4501AC54D992738E8F781,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181206Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:02.182{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55135-
10341000x8000000000000000181205Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.149{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181211Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:05.895{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181210Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:05.780{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3DE02283F52398BB2938C5BFDFBD2D3,SHA256=B54B5FC56ED3143AFF12A6437A35042D8003E6CADA91D77A56EFAD6C3A907717,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181209Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:05.149{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181215Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:06.910{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181214Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:06.794{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDFCD572F0D54C77FB609CADDE3C9F74,SHA256=F2CED8B5C1E1FBC7D5DB99AFCEC7EFC18F1C1B718AF04FD89871A0BA4E981ADD,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181213Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:04.427{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51396-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000181212Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:06.163{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181221Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.930{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181220Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.830{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB81090E93E7A528EC991755E7DAADE9,SHA256=BE4B26DB4540FC8139E903E354B4F116875002D00BAA935E7F1D485D0CAB80F7,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000181219Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.814{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\24505MD5=52EC91D49BAABA8BDEEE21963A2FEE47,SHA256=E0FDB9D3AAF89A0B3DDC4F0FBB9E669646D64DA3F9E28FD90F17F2BC39A7944F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181218Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.462{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181217Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.194{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181216Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:07.178{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181224Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:08.946{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181223Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:08.845{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=030B4F22BB2FCA1B93E691413BB74EC1,SHA256=2148CEAD6DDBBE0EF5426FD4CE75F131D827A222EF8AACBE40DBD0584E5FBA7D,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181222Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:08.193{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181227Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.961{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181226Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.861{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE128A3CC7133C30A28A042186571D30,SHA256=7F62CEE6CB4BAC204485A8D689875A08D49E605D4569FE7EEDE1694EB40279B1,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181225Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.208{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181230Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:10.977{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181229Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:10.877{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EE6CE2633A5942BFCE3382F57160B78,SHA256=150828CF29F11070DA6A50CB48581ECC446BAA4778DA43CF663B10123E6BBB99,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181228Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:10.209{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181234Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:11.992{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181233Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:11.891{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61813292381E99386F18AACDDDA1EECE,SHA256=D810416A68CC99B9CE342E25F96EE0AA315BF411242F7B0AC61863DB3BCEBEB0,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181232Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:09.571{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51397-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000181231Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:11.229{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181247Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.912{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\32675MD5=C3F7CD7370C7D129478F3B96A013756A,SHA256=E5108745F81AF457EAF1FBDB4415216D73B7141C71F1AF76CBFD10A9C1D214B0,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000181246Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.912{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E68A69FCD2CB67BA63C1A8912A25BE0,SHA256=FADDEC58BBCD2D83156C646F153202E400BD4A57A30311DC09FF16ABBB22C16F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181245Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181244Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181243Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D60-620B-0500-000000003702}408424C:\Windows\system32\csrss.exe{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5179f
10341000x8000000000000000181242Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181241Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D70-620B-2B00-000000003702}29723808C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7414|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181240Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181239Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.628{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
154100x8000000000000000181238Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.629{BD6F876E-94A0-620B-D90F-000000003702}7528C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{BD6F876E-5D61-620B-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{BD6F876E-5D70-620B-2B00-000000003702}2972C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x8000000000000000181237Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.475{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181236Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.244{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181235Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:12.206{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181269Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D71-620B-3300-000000003702}32403260C:\Windows\system32\conhost.exe{BD6F876E-94A1-620B-DB0F-000000003702}7780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181268Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181267Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181266Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:13.975{BD6F876E-5D62-620B-0C00-000000003702}8446932C:\Windows\system32\svchost.exe{BD6F876E-5D70-620B-2900-000000003702}2944C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a563|C:\Windows\System32\RPCRT4.dll+d5bc1|C:\Windows\System32\RPCRT4.dll+52d3c|C:\Windows\System32\RPCRT4.dll+358e4|C:\Windows\System32\RPCRT4.dll+347fd|C:\Windows\System32\RPCRT4.dll+350ab|C:\Windows\System32\RPCRT4.dll+20e9c|C:\Windows\System32\RPCRT4.dll+2131c|C:\Windows\System32\RPCRT4.dll+1049c|C:\Windows\System32\RPCRT4.dll+11cfb|C:\Windows\System32\RPCRT4.dll+1a5ca|C:\Windows\SYSTEM32\ntdll.dll+1d35e|C:\Windows\SYSTEM32\ntdll.dll+1ecc9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181292Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:19.072{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181291Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:19.025{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22F7D84B658473E5AD1F0F7B13BF97F9,SHA256=795BB7FE63D44C007EA3CD0F45BD8B6A8A2C2753E466DFF8E2DD901A2C8E3486,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181296Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.305{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181295Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.074{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181294Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.027{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B0DCED10107AB3ABD9240882453BFF8,SHA256=B0B19F09812628C4854709ED5F091BAD71E62FC13ECF8CF44EC60A196D65890A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181299Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:21.306{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181298Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:21.088{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181297Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:21.041{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16053A30C76186A3AFC25188D3046FEC,SHA256=14DA11DD709756D94BD26938860B1021114B27BBCDDE5BF1209BBD06FCD46277,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181305Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.502{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000181304Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:20.482{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51399-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000181303Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.308{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181302Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.224{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181301Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.103{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181300Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.056{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDABBB54CDEB2C502A3AEE26256A2411,SHA256=66C8DB45122E0CAC32ECE0D547E7DC1B40F603A9425AAFD07A88977DC5760B7F,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181308Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:23.323{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181307Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:23.123{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181306Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:23.086{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DA0B3976F98FD3A5203E14CE0095B4A,SHA256=B6F8F8BD5CB115ED91E774033CE69057B03D3D853D6D5C91F298B3CF77BB6D7C,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181312Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:22.402{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54945-
10341000x8000000000000000181311Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:24.338{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181310Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:24.138{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181309Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:24.122{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78493B7D96AABDA4466EF627BF7FFE66,SHA256=2192F09A9FFB413C7A7CF790D88D7046ED504E9DA3AA48E394575EADDD3021FD,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181315Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:25.338{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181314Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:25.139{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B66E158F0492DEA1665ECB386B327E3,SHA256=FFA3E64D7ACA32FEB0B05BEABA216FB8DFE32A039595CB7F18E2DAB6712C23D3,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181313Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:25.139{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181318Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.338{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181317Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.154{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03481E7D9F2A65E820E548ADA4371E76,SHA256=C064B30E843340ADEE1BC924E36E98987C4E1A9CDAC8F8F6A0BD8E135AFC94B9,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181316Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.154{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181323Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.521{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181322Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.353{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181321Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.237{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181320Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.169{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0140E811AF329670F255DCCDD6E25B59,SHA256=9344ED9562635BB3DC3CDBB059501573BEC7FB49E30018FBD894816F687EDCDE,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181319Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:27.169{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
13241300x8000000000000000181328Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-SetValue2022-02-15 11:55:28.898{BD6F876E-5D62-620B-1100-000000003702}476C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d82262-0xed311651)
10341000x8000000000000000181327Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.367{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181326Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.183{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19116211AB57005A0E2CB6D6189683EB,SHA256=136AF471FFA0FF2917C7520460071A77E8D4F3C5E264294C7C751A70D5D7C819,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181325Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.183{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181324Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.036{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\26997MD5=221D691A4FE838B910E29E2C2B05027B,SHA256=487AB4D4155E0D9B3EF0DB13247A6B9021207E95B54C914C0347DB28C1EF4724,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181332Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:26.416{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51400-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
10341000x8000000000000000181331Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:29.382{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181330Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:29.220{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93DE647D268D0277A3084EFC1597AAE8,SHA256=10E12F95DFAED293364BBBF4A78C95ACC13DB24666F8BFECB17F0CE4E1B999C0,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181329Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:29.198{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000181336Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:28.260{BD6F876E-5D62-620B-1100-000000003702}476C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local123ntpfalse40.119.148.38-123ntp
10341000x8000000000000000181335Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:30.397{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181334Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:30.250{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BFD3ABAD2ADA14DB031FB60C25D683C,SHA256=44E9C662ED692A628DFA0292B8139ACDA64BF4CA00B12E6B5F502A1C01647EC6,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181333Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:30.219{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181339Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:31.418{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181338Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:31.265{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A37F833E396B414AE077E9911765212E,SHA256=7B64055BC0605E8CF99EAB5B5F21F46E7DA4B7764CF7A88997731B149BC1D1AC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181337Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:31.234{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181344Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.533{BD6F876E-7D94-620B-DF04-000000003702}72127216C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00003068000F33FC)|UNKNOWN(0000306800089941)|UNKNOWN(0000306800089941)|UNKNOWN(000030680020AB42)|UNKNOWN(0000306800089941)|UNKNOWN(00003068000879FB)|UNKNOWN(00003068000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181343Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.433{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181342Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.280{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF0E2AB4D555057278093566C599FF4D,SHA256=ABD4F6F49F34CB151DF8BFE6DCAABA8F72EEF536022269A6DD699007C98076CC,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181341Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.249{BD6F876E-7D94-620B-D904-000000003702}68286908C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D93-620B-D704-000000003702}5508C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(00004863000F33FC)|UNKNOWN(0000486300089941)|UNKNOWN(0000486300089941)|UNKNOWN(000048630020C6DB)|UNKNOWN(0000486300089941)|UNKNOWN(00004863000879FB)|UNKNOWN(00004863000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181340Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.249{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181349Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.448{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181348Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.299{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E15A8491A4AC9EA8C4207FB0354C6BC,SHA256=D2F3E680E076E3915146B9786313E5AEE7D37C1DDC91CD4AE502A78C374B59EC,IMPHASH=00000000000000000000000000000000falsetrue
23542300x8000000000000000181347Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.264{BD6F876E-5D62-620B-1000-000000003702}400NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=0B5F332B6CA413238C13541599BAC859,SHA256=4644FA56842187315EB2109D9AD9168872E79CB03B177D0217CE024759398F68,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181346Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.264{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
23542300x8000000000000000181345Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:33.132{BD6F876E-75E2-620B-8E03-000000003702}2792ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\6lia0t9e.default-release\cache2\doomed\2399MD5=657E16676A102D15476F1CBB151FFAB4,SHA256=8752E473F716C23213E42CE2A2175B5C7DB8AE487F301F01FA85BD7F0C1B6DE5,IMPHASH=00000000000000000000000000000000falsetrue
354300x8000000000000000181359Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.559{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local62788-
354300x8000000000000000181358Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.514{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local55185-
354300x8000000000000000181357Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.511{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local50724-
354300x8000000000000000181356Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:32.426{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51401-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000181396Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.541{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78CE35D2143DEC0DD92355A39F166F85,SHA256=C4B9EF34192A3328E4A09099049A7E0E972204756222F1A065E1C0D72B871516,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181395Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.541{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181394Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.410{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000181402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.653{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local49721-
354300x8000000000000000181401Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.624{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local54686-
354300x8000000000000000181400Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.620{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local52930-
23542300x8000000000000000181399Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:44.573{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04426ABCF3AC04EC722E818B2F5E283D,SHA256=29E5457A155694232129769D76B96E4B2192F5C70E87DD3D3A476C85A01B266A,IMPHASH=00000000000000000000000000000000falsetrue
10341000x8000000000000000181398Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:44.541{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x1401C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d7a77c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1d13717|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d7c332|UNKNOWN(000047F6000F33FC)|UNKNOWN(000047F600089941)|UNKNOWN(000047F600089941)|UNKNOWN(000047F60032E20D)|UNKNOWN(000047F6002B9121)|UNKNOWN(000047F6000879FB)|UNKNOWN(000047F6000875F7)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d9b18c|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+2d6b62f|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17769bd|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a5834|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a8b1d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+3504d2|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+1be82d|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36944d2|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
10341000x8000000000000000181397Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:44.426{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+17a9962|C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe+36a38d0|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791
354300x8000000000000000181406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.467{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51403-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-
23542300x8000000000000000181405Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.atta
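The rows above lost their field separators on export, so the way to get them back into Sysmon fields is to lean on the shapes that survive: the event header digits, the GUIDs, the timestamp, drive-letter paths, hash lists and true/false flags, read in Sysmon schema order. The following is an added example (not Sysmon's, Splunk's or the Attack Range's own code) that does exactly that for the three event types on this page and then decodes the GrantedAccess mask of each ProcessAccess event into named rights, which is what an analyst actually wants to know about rows like the 0x1401 and 0x100000 ones above. Its assumptions: RuleName is "-" in every row (true here), every Image path starts with a drive letter and ends in ".exe", CallTrace starts with a drive-letter module path, and hostnames do not begin with a hex letter a-f (so the IP literal before them can be taken greedily). The fused SourceProcessId/SourceThreadId digits are kept as one field rather than guessed apart. PAGE_ROWS are copied from the page (one call trace shortened to three frames); CONSTRUCTED_LSASS_ROW is a constructed row that is not on the page, included only so the triage rule is seen firing. The triage thresholds are this example's choice, not a Sysmon feature.

```python
import re
from typing import Dict, List, Optional

# Field shapes the flattened export still preserves (assumptions: see lead-in).
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
EXE = r"[A-Za-z]:\\.+?\.exe"   # shortest drive-letter path ending in .exe
FLAG = r"true|false"
IP = r"[0-9A-Fa-f:.]+"          # IPv4/IPv6 literal, greedy: hostname after it must not start with a-f

# Header: EventID Version Level Task(=EventID) Opcode Keywords RecordID Channel Computer RuleName("-") UtcTime
HEADER = re.compile(
    r"^(?P<EventID>\d{1,3})(?P<Version>\d)(?P<Level>\d)(?P=EventID)(?P<Opcode>\d)"
    r"(?P<Keywords>0x[0-9A-Fa-f]{16})(?P<RecordID>\d+)(?P<Channel>Microsoft-Windows-Sysmon/Operational)"
    r"(?P<Computer>.+?)-(?P<UtcTime>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})(?P<body>.*)$"
)
BODIES = {
    # 10 ProcessAccess. SourceProcessId and SourceThreadId were fused by the export ("51886568"),
    # so they stay one field instead of being guessed apart.
    10: re.compile(
        r"^(?P<SourceProcessGUID>" + GUID + r")(?P<SourcePidTid>\d+)(?P<SourceImage>" + EXE + r")"
        r"(?P<TargetProcessGUID>" + GUID + r")(?P<TargetProcessId>\d+)(?P<TargetImage>" + EXE + r")"
        r"(?P<GrantedAccess>0x[0-9A-Fa-f]+?)(?P<CallTrace>[A-Za-z]:\\.*)$"
    ),
    # 3 NetworkConnect
    3: re.compile(
        r"^(?P<ProcessGuid>" + GUID + r")(?P<ProcessId>\d+)(?P<Image>" + EXE + r")(?P<User>.+?)"
        r"(?P<Protocol>tcp|udp)(?P<Initiated>" + FLAG + r")(?P<SourceIsIpv6>" + FLAG + r")"
        r"(?P<SourceIp>" + IP + r")(?P<SourceHostname>.+?)(?P<SourcePort>\d+)(?P<SourcePortName>[a-z][a-z0-9-]*|-)"
        r"(?P<DestinationIsIpv6>" + FLAG + r")(?P<DestinationIp>" + IP + r")(?P<DestinationHostname>.+?)"
        r"(?P<DestinationPort>\d+)(?P<DestinationPortName>[a-z][a-z0-9-]*|-)$"
    ),
    # 23 FileDelete
    23: re.compile(
        r"^(?P<ProcessGuid>" + GUID + r")(?P<ProcessId>\d+)(?P<User>.+?)(?P<Image>" + EXE + r")"
        r"(?P<TargetFilename>.+?)(?P<Hashes>MD5=[0-9A-Fa-f]{32},SHA256=[0-9A-Fa-f]{64},IMPHASH=[0-9A-Fa-f]{32})"
        r"(?P<IsExecutable>" + FLAG + r")(?P<Archived>" + FLAG + r")$"
    ),
}

def parse_record(line: str) -> Dict[str, str]:
    """Split one export row into named Sysmon fields; unknown event types keep a raw Body."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not a flattened Sysmon row: " + line[:40])
    rec = {k: v for k, v in m.groupdict().items() if k != "body"}
    rec["RuleName"] = "-"
    body_re = BODIES.get(int(rec["EventID"]))
    bm = body_re.match(m.group("body")) if body_re else None
    if bm:
        rec.update(bm.groupdict())
    else:
        rec["Body"] = m.group("body")
    return rec

# Windows process access rights (winnt.h values) used to decode GrantedAccess.
PROCESS_RIGHTS = {
    0x1: "PROCESS_TERMINATE", 0x2: "PROCESS_CREATE_THREAD", 0x8: "PROCESS_VM_OPERATION",
    0x10: "PROCESS_VM_READ", 0x20: "PROCESS_VM_WRITE", 0x40: "PROCESS_DUP_HANDLE",
    0x80: "PROCESS_CREATE_PROCESS", 0x100: "PROCESS_SET_QUOTA", 0x200: "PROCESS_SET_INFORMATION",
    0x400: "PROCESS_QUERY_INFORMATION", 0x800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION", 0x10000: "DELETE", 0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}

def decode_access(mask_hex: str) -> List[str]:
    """Expand a GrantedAccess mask such as 0x1401 into right names, lowest bit first."""
    mask = int(mask_hex, 16)
    names = [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(PROCESS_RIGHTS)
    return names + ([f"UNKNOWN(0x{unknown:x})"] if unknown else [])

# Rights that let the source write into or run code in the target (this example's choice).
INJECTION_RIGHTS = {"PROCESS_VM_WRITE", "PROCESS_VM_OPERATION", "PROCESS_CREATE_THREAD", "PROCESS_SUSPEND_RESUME"}

def triage_process_access(rec: Dict[str, str]) -> Optional[str]:
    """Reason to look at a ProcessAccess event, or None for routine same-image access."""
    if rec.get("EventID") != "10" or "GrantedAccess" not in rec:
        return None
    rights = set(decode_access(rec["GrantedAccess"]))
    src, tgt = rec["SourceImage"].lower(), rec["TargetImage"].lower()
    if tgt.endswith("\\lsass.exe") and "PROCESS_VM_READ" in rights:
        return "memory read of " + rec["TargetImage"]
    if src != tgt and rights & INJECTION_RIGHTS:
        return "cross-image access with " + ", ".join(sorted(rights & INJECTION_RIGHTS))
    return None

# Rows copied from the page (the ProcessAccess call trace is shortened to three frames).
PAGE_ROWS = [
    r"10341000x8000000000000000181390Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.390{BD6F876E-7D93-620B-D804-000000003702}51886568C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe{BD6F876E-7D91-620B-D504-000000003702}6388C:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\Code.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|\\?\c:\Users\Administrator\AppData\Local\Programs\Microsoft VS Code\resources\app\node_modules.asar.unpacked\native-watchdog\build\Release\watchdog.node+f41cf0fb(wow64)",
    r"354300x8000000000000000181406Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:43.467{BD6F876E-5D7A-620B-6A00-000000003702}3180C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-tcontreras-attack-range-213.attackrange.local51403-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000-",
    r"23542300x8000000000000000181392Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.526{BD6F876E-5D81-620B-7300-000000003702}3308NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2271B927B09B244FFDD724F6515769D4,SHA256=35503B95CDF7EF292665CFE0E24D1C22F8B35C9BA7A705C3B4C8877C2B81406E,IMPHASH=00000000000000000000000000000000falsetrue",
    r"354300x8000000000000000181402Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:42.653{BD6F876E-5D70-620B-2700-000000003702}2916C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-tcontreras-attack-range-213.attackrange.local49721-",
]
# CONSTRUCTED row, not from the page: a hypothetical tool reading lsass memory, so the rule is seen firing.
CONSTRUCTED_LSASS_ROW = r"10341000x8000000000000000999999Microsoft-Windows-Sysmon/Operationalwin-dc-tcontreras-attack-range-213.attackrange.local-2022-02-15 11:55:45.000{BD6F876E-7D93-620B-D804-000000003702}51884616C:\Users\Administrator\AppData\Local\Temp\dumptool.exe{BD6F876E-5D6A-620B-1100-000000003702}720C:\Windows\System32\lsass.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6144|C:\Windows\System32\KERNELBASE.dll+221bd|UNKNOWN(00007FF6000F33FC)"

if __name__ == "__main__":
    for row in PAGE_ROWS + [CONSTRUCTED_LSASS_ROW]:
        rec = parse_record(row)
        print(rec["EventID"], rec["RecordID"], rec["UtcTime"], triage_process_access(rec) or "-")
```

Run against the page's rows, every ProcessAccess event comes back as routine: 0x1401 decodes to PROCESS_TERMINATE, PROCESS_QUERY_INFORMATION and PROCESS_QUERY_LIMITED_INFORMATION, and 0x100000 is just SYNCHRONIZE, both between Code.exe and Code.exe, which is the VS Code process tree talking to itself. Only the constructed lsass row trips the rule. The header regex uses a backreference on Task (Sysmon sets Task equal to EventID) to pin the digit boundaries in strings like 10341000x...; without that anchor "10341000" splits several ways.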